bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 01:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
Size

184KB
MD5

5c44fd0f11fce3ca8c670df558b03331
SHA1

fbd68f21f2563a97d6028f90b459e5436f2ecaee
SHA256

bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965
SHA512

dadd71589f6668a59f1d4dd842850b47e93514aa8ed69d3d62e4a9c2266b163d4a4c86227a84a30d961a67d65060f1c99db51fabde69b8976a7a26ce70257650
SSDEEP

1536:U7Srf9Z3uHfxo7xlt44rlawMySIyv1cl6bd8xcLG20z3t/hl5hj5nizpvt:a4aHfxolr44MdyRWqhcLGDd/hlnViFV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3040	Unicorn-4651.exe
2616	Unicorn-58232.exe
2604	Unicorn-45041.exe
848	Unicorn-4722.exe
2392	Unicorn-35091.exe
2512	Unicorn-17171.exe
2808	Unicorn-13451.exe
2452	Unicorn-9813.exe
1456	Unicorn-27602.exe
1240	Unicorn-62543.exe
816	Unicorn-38444.exe
332	Unicorn-19415.exe
2924	Unicorn-18900.exe
2080	Unicorn-30318.exe
1920	Unicorn-64334.exe
2860	Unicorn-59736.exe
1176	Unicorn-14064.exe
1764	Unicorn-24375.exe
1012	Unicorn-44241.exe
108	Unicorn-37747.exe
1716	Unicorn-2806.exe
1292	Unicorn-55536.exe
1760	Unicorn-38323.exe
2268	Unicorn-3382.exe
2252	Unicorn-36787.exe
2364	Unicorn-7762.exe
980	Unicorn-53626.exe
636	Unicorn-9900.exe
2196	Unicorn-9900.exe
896	Unicorn-60554.exe
2292	Unicorn-40688.exe
1524	Unicorn-7824.exe
2592	Unicorn-47986.exe
2556	Unicorn-14955.exe
2504	Unicorn-28469.exe
2468	Unicorn-8603.exe
2064	Unicorn-47820.exe
1956	Unicorn-27954.exe
2744	Unicorn-41467.exe
2920	Unicorn-48012.exe
1628	Unicorn-51660.exe
1728	Unicorn-14773.exe
2688	Unicorn-18028.exe
2580	Unicorn-18028.exe
1896	Unicorn-46678.exe
784	Unicorn-33871.exe
1572	Unicorn-57389.exe
292	Unicorn-11717.exe
1228	Unicorn-58095.exe
2996	Unicorn-38421.exe
2972	Unicorn-58287.exe
1932	Unicorn-5557.exe
1440	Unicorn-25615.exe
1880	Unicorn-52343.exe
756	Unicorn-17402.exe
2344	Unicorn-40340.exe
1812	Unicorn-42286.exe
2332	Unicorn-42286.exe
1636	Unicorn-57937.exe
2236	Unicorn-38839.exe
2632	Unicorn-23380.exe
2436	Unicorn-205.exe
2464	Unicorn-35592.exe
2732	Unicorn-64242.exe

Loads dropped DLL 64 IoCs

pid	Process
996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
3040	Unicorn-4651.exe
996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
3040	Unicorn-4651.exe
2616	Unicorn-58232.exe
2616	Unicorn-58232.exe
2604	Unicorn-45041.exe
2604	Unicorn-45041.exe
3040	Unicorn-4651.exe
3040	Unicorn-4651.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
2752	WerFault.exe
848	Unicorn-4722.exe
848	Unicorn-4722.exe
2616	Unicorn-58232.exe
2616	Unicorn-58232.exe
2604	Unicorn-45041.exe
2604	Unicorn-45041.exe
2392	Unicorn-35091.exe
2392	Unicorn-35091.exe
2512	Unicorn-17171.exe
2512	Unicorn-17171.exe
384	WerFault.exe
384	WerFault.exe
384	WerFault.exe
384	WerFault.exe
384	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
2808	Unicorn-13451.exe
2808	Unicorn-13451.exe
848	Unicorn-4722.exe
848	Unicorn-4722.exe
2452	Unicorn-9813.exe
2452	Unicorn-9813.exe
1240	Unicorn-62543.exe
1240	Unicorn-62543.exe
2392	Unicorn-35091.exe
2392	Unicorn-35091.exe
1456	Unicorn-27602.exe
1456	Unicorn-27602.exe
2512	Unicorn-17171.exe
2512	Unicorn-17171.exe
816	Unicorn-38444.exe
816	Unicorn-38444.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
1140	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2508	996	WerFault.exe	27
2752	3040	WerFault.exe	28
384	2616	WerFault.exe	30
616	2604	WerFault.exe	29
1620	848	WerFault.exe	32
2648	2392	WerFault.exe	33
1140	2512	WerFault.exe	34
2520	2808	WerFault.exe	36
1900	2452	WerFault.exe	37
1732	1240	WerFault.exe	39
2700	1456	WerFault.exe	38
2240	816	WerFault.exe	40
2044	332	WerFault.exe	43
1144	2924	WerFault.exe	44
284	2080	WerFault.exe	45
956	2860	WerFault.exe	47
1496	1176	WerFault.exe	48
2128	1764	WerFault.exe	49
1924	1920	WerFault.exe	46
3008	1012	WerFault.exe	50
2928	1716	WerFault.exe	55
1544	108	WerFault.exe	54
1548	1760	WerFault.exe	57
1604	1292	WerFault.exe	56
1660	2268	WerFault.exe	58
1648	2252	WerFault.exe	59
2220	2364	WerFault.exe	60
2852	980	WerFault.exe	61
2076	636	WerFault.exe	63
1004	2292	WerFault.exe	65
948	896	WerFault.exe	64
1884	2196	WerFault.exe	62
1528	1524	WerFault.exe	66
3728	2592	WerFault.exe	70
3824	2744	WerFault.exe	78
3872	2688	WerFault.exe	83
3932	784	WerFault.exe	85
3944	292	WerFault.exe	86
3952	2504	WerFault.exe	74
1756	1572	WerFault.exe	87
488	2064	WerFault.exe	77
3108	2468	WerFault.exe	75
3204	1956	WerFault.exe	76
3300	2920	WerFault.exe	79
3372	1812	WerFault.exe	105
3412	2236	WerFault.exe	107
3432	2632	WerFault.exe	108
3524	2332	WerFault.exe	104
3572	2436	WerFault.exe	109
3636	2464	WerFault.exe	110
3864	2580	WerFault.exe	82
3928	1932	WerFault.exe	91
3248	2584	WerFault.exe	128
3584	2148	WerFault.exe	127
3620	2248	WerFault.exe	120
3776	696	WerFault.exe	117
3736	2916	WerFault.exe	122
3352	952	WerFault.exe	125
4052	1724	WerFault.exe	124
3076	1260	WerFault.exe	118
3508	852	WerFault.exe	119
3164	1896	WerFault.exe	84
3564	2500	WerFault.exe	129
4152	1440	WerFault.exe	92

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
3040	Unicorn-4651.exe
2616	Unicorn-58232.exe
2604	Unicorn-45041.exe
848	Unicorn-4722.exe
2392	Unicorn-35091.exe
2512	Unicorn-17171.exe
2808	Unicorn-13451.exe
2452	Unicorn-9813.exe
1456	Unicorn-27602.exe
1240	Unicorn-62543.exe
816	Unicorn-38444.exe
332	Unicorn-19415.exe
2924	Unicorn-18900.exe
2080	Unicorn-30318.exe
2860	Unicorn-59736.exe
1920	Unicorn-64334.exe
1176	Unicorn-14064.exe
1764	Unicorn-24375.exe
1012	Unicorn-44241.exe
1716	Unicorn-2806.exe
108	Unicorn-37747.exe
1292	Unicorn-55536.exe
1760	Unicorn-38323.exe
2268	Unicorn-3382.exe
2252	Unicorn-36787.exe
2364	Unicorn-7762.exe
980	Unicorn-53626.exe
636	Unicorn-9900.exe
2196	Unicorn-9900.exe
1524	Unicorn-7824.exe
896	Unicorn-60554.exe
2292	Unicorn-40688.exe
2592	Unicorn-47986.exe
2556	Unicorn-14955.exe
2504	Unicorn-28469.exe
2468	Unicorn-8603.exe
2064	Unicorn-47820.exe
2744	Unicorn-41467.exe
1956	Unicorn-27954.exe
2920	Unicorn-48012.exe
1628	Unicorn-51660.exe
1728	Unicorn-14773.exe
2688	Unicorn-18028.exe
2580	Unicorn-18028.exe
1896	Unicorn-46678.exe
784	Unicorn-33871.exe
1572	Unicorn-57389.exe
1932	Unicorn-5557.exe
292	Unicorn-11717.exe
1228	Unicorn-58095.exe
2996	Unicorn-38421.exe
2972	Unicorn-58287.exe
1440	Unicorn-25615.exe
1880	Unicorn-52343.exe
756	Unicorn-17402.exe
2344	Unicorn-40340.exe
2332	Unicorn-42286.exe
1812	Unicorn-42286.exe
1636	Unicorn-57937.exe
2236	Unicorn-38839.exe
2632	Unicorn-23380.exe
2436	Unicorn-205.exe
2464	Unicorn-35592.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 996 wrote to memory of 3040	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	28
PID 996 wrote to memory of 3040	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	28
PID 996 wrote to memory of 3040	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	28
PID 996 wrote to memory of 3040	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	28
PID 996 wrote to memory of 2616	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	30
PID 996 wrote to memory of 2616	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	30
PID 996 wrote to memory of 2616	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	30
PID 996 wrote to memory of 2616	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	30
PID 3040 wrote to memory of 2604	3040	Unicorn-4651.exe	29
PID 3040 wrote to memory of 2604	3040	Unicorn-4651.exe	29
PID 3040 wrote to memory of 2604	3040	Unicorn-4651.exe	29
PID 3040 wrote to memory of 2604	3040	Unicorn-4651.exe	29
PID 996 wrote to memory of 2508	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	31
PID 996 wrote to memory of 2508	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	31
PID 996 wrote to memory of 2508	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	31
PID 996 wrote to memory of 2508	996	bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe	31
PID 2616 wrote to memory of 848	2616	Unicorn-58232.exe	32
PID 2616 wrote to memory of 848	2616	Unicorn-58232.exe	32
PID 2616 wrote to memory of 848	2616	Unicorn-58232.exe	32
PID 2616 wrote to memory of 848	2616	Unicorn-58232.exe	32
PID 2604 wrote to memory of 2392	2604	Unicorn-45041.exe	33
PID 2604 wrote to memory of 2392	2604	Unicorn-45041.exe	33
PID 2604 wrote to memory of 2392	2604	Unicorn-45041.exe	33
PID 2604 wrote to memory of 2392	2604	Unicorn-45041.exe	33
PID 3040 wrote to memory of 2512	3040	Unicorn-4651.exe	34
PID 3040 wrote to memory of 2512	3040	Unicorn-4651.exe	34
PID 3040 wrote to memory of 2512	3040	Unicorn-4651.exe	34
PID 3040 wrote to memory of 2512	3040	Unicorn-4651.exe	34
PID 3040 wrote to memory of 2752	3040	Unicorn-4651.exe	35
PID 3040 wrote to memory of 2752	3040	Unicorn-4651.exe	35
PID 3040 wrote to memory of 2752	3040	Unicorn-4651.exe	35
PID 3040 wrote to memory of 2752	3040	Unicorn-4651.exe	35
PID 848 wrote to memory of 2808	848	Unicorn-4722.exe	36
PID 848 wrote to memory of 2808	848	Unicorn-4722.exe	36
PID 848 wrote to memory of 2808	848	Unicorn-4722.exe	36
PID 848 wrote to memory of 2808	848	Unicorn-4722.exe	36
PID 2616 wrote to memory of 2452	2616	Unicorn-58232.exe	37
PID 2616 wrote to memory of 2452	2616	Unicorn-58232.exe	37
PID 2616 wrote to memory of 2452	2616	Unicorn-58232.exe	37
PID 2616 wrote to memory of 2452	2616	Unicorn-58232.exe	37
PID 2604 wrote to memory of 1456	2604	Unicorn-45041.exe	38
PID 2604 wrote to memory of 1456	2604	Unicorn-45041.exe	38
PID 2604 wrote to memory of 1456	2604	Unicorn-45041.exe	38
PID 2604 wrote to memory of 1456	2604	Unicorn-45041.exe	38
PID 2392 wrote to memory of 1240	2392	Unicorn-35091.exe	39
PID 2392 wrote to memory of 1240	2392	Unicorn-35091.exe	39
PID 2392 wrote to memory of 1240	2392	Unicorn-35091.exe	39
PID 2392 wrote to memory of 1240	2392	Unicorn-35091.exe	39
PID 2512 wrote to memory of 816	2512	Unicorn-17171.exe	40
PID 2512 wrote to memory of 816	2512	Unicorn-17171.exe	40
PID 2512 wrote to memory of 816	2512	Unicorn-17171.exe	40
PID 2512 wrote to memory of 816	2512	Unicorn-17171.exe	40
PID 2616 wrote to memory of 384	2616	Unicorn-58232.exe	41
PID 2616 wrote to memory of 384	2616	Unicorn-58232.exe	41
PID 2616 wrote to memory of 384	2616	Unicorn-58232.exe	41
PID 2616 wrote to memory of 384	2616	Unicorn-58232.exe	41
PID 2604 wrote to memory of 616	2604	Unicorn-45041.exe	42
PID 2604 wrote to memory of 616	2604	Unicorn-45041.exe	42
PID 2604 wrote to memory of 616	2604	Unicorn-45041.exe	42
PID 2604 wrote to memory of 616	2604	Unicorn-45041.exe	42
PID 2808 wrote to memory of 332	2808	Unicorn-13451.exe	43
PID 2808 wrote to memory of 332	2808	Unicorn-13451.exe	43
PID 2808 wrote to memory of 332	2808	Unicorn-13451.exe	43
PID 2808 wrote to memory of 332	2808	Unicorn-13451.exe	43

C:\Users\Admin\AppData\Local\Temp\bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe
"C:\Users\Admin\AppData\Local\Temp\bea637fa858e748455e7b9d721089f171b7d8a6f828d976fb617c13e0eb79965.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        11⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
        12⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64984.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        14⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21158.exe
        15⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        14⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        13⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        12⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        11⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        10⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        9⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        10⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 200
        11⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        10⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        9⤵
        Program crash
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        8⤵
        Program crash
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        10⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
        11⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
        12⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57200.exe
        13⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        14⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
        14⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        12⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        11⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        10⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
        11⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        12⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        13⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
        13⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 236
        11⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        8⤵
        Program crash
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        7⤵
        Program crash
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38856.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        10⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        11⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59569.exe
        12⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        13⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        14⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
        14⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        13⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13268.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        11⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        12⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        13⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
        12⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
        11⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        11⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        12⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        13⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
        13⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        12⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        8⤵
        Program crash
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        7⤵
        Program crash
        
        PID:1004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        6⤵
        Program crash
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
        12⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        13⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
        13⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        12⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        10⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 216
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        11⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        12⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49885.exe
        13⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 220
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        9⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40489.exe
        11⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        12⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        12⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        11⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        8⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        11⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        12⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        13⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
        12⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        11⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        9⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        10⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23627.exe
        11⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 240
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        10⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        8⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        7⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        6⤵
        Program crash
        
        PID:956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25889.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        12⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
        13⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        10⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        9⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
        8⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43357.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        11⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23469.exe
        12⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19001.exe
        13⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        13⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        12⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        11⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        9⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        8⤵
        Program crash
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        Program crash
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45496.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34388.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        11⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        12⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        13⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
        13⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        12⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        10⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15876.exe
        11⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        10⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        8⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        7⤵
        Program crash
        
        PID:3164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
        6⤵
        Program crash
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47553.exe
        11⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48386.exe
        12⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14022.exe
        13⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        12⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        11⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
        8⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40135.exe
        10⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        12⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 236
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
        10⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        9⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        8⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
        7⤵
        Program crash
        
        PID:3864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
        6⤵
        Program crash
        
        PID:2852
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        5⤵
        Program crash
        
        PID:2700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58095.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        11⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21932.exe
        12⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        13⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
        13⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        12⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58623.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        12⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 220
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        11⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36475.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10928.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
        11⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        13⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        12⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
        11⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32094.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        10⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        11⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25575.exe
        12⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        13⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        12⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        11⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        10⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7019.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        10⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 220
        10⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        9⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        7⤵
        
        PID:4632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        6⤵
        Program crash
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14756.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42953.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        10⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        11⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29605.exe
        12⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
        12⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        9⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        11⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
        11⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        10⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        9⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
        7⤵
        Program crash
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        6⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        9⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        10⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        11⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        11⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        10⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        9⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
        8⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        7⤵
        
        PID:4284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        6⤵
        Program crash
        
        PID:1528
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        5⤵
        Program crash
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24375.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7911.exe
        7⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41902.exe
        10⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        11⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        12⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
        13⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 236
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        11⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        9⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        8⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18145.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        10⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
        11⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
        11⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        10⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        8⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        7⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        10⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36138.exe
        11⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        10⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        9⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        8⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        7⤵
        
        PID:4796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        6⤵
        Program crash
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7719.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5338.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-407.exe
        10⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        11⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12486.exe
        12⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        11⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        7⤵
        Program crash
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
        6⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
        7⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
        9⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1481.exe
        10⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
        11⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
        9⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 236
        8⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        7⤵
        
        PID:5360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        6⤵
        Program crash
        
        PID:3928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        5⤵
        Program crash
        
        PID:2128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        12⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7300.exe
        13⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
        13⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 236
        12⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
        10⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        12⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        13⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        13⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        11⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48975.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        11⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
        12⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
        8⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
        7⤵
        Program crash
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57424.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50168.exe
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 240
        13⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        10⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        10⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        11⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
        12⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 236
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 236
        10⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37750.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34566.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58549.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        11⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        12⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        Program crash
        
        PID:3108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        6⤵
        Program crash
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44793.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        11⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        12⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
        13⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        14⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        12⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        11⤵
        
        PID:2360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        10⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21295.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56736.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
        11⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        12⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
        7⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        10⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        12⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
        12⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        11⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 236
        10⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 500 -s 236
        8⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        Program crash
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-584.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        11⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        12⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 220
        13⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 236
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17045.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        9⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        10⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        11⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
        11⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        10⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        9⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        8⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        7⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:2928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        5⤵
        Program crash
        
        PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-303.exe
        12⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52771.exe
        13⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        13⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        9⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        8⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        11⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28838.exe
        12⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        12⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        11⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
        8⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
        7⤵
        Program crash
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        9⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
        10⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
        11⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54666.exe
        12⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        10⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        9⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
        6⤵
        Program crash
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46517.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        10⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        11⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35465.exe
        12⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        8⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        7⤵
        Program crash
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
        6⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62368.exe
        9⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        10⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        11⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
        10⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        9⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        8⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        7⤵
        
        PID:5088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        6⤵
        Program crash
        
        PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        5⤵
        Program crash
        
        PID:1144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49859.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        12⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        13⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        11⤵
        
        PID:1436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        9⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        8⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        10⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        11⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52195.exe
        12⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 216
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        11⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        10⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        8⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 220
        7⤵
        Program crash
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        11⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53373.exe
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
        12⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
        11⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        7⤵
        Program crash
        
        PID:3412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65149.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
        11⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        12⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
        12⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        9⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
        10⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
        11⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        10⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        8⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        7⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24917.exe
        9⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
        10⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33929.exe
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        10⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        9⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        8⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        7⤵
        
        PID:5320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
        6⤵
        Program crash
        
        PID:3204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        5⤵
        Program crash
        
        PID:284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46573.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        10⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41172.exe
        11⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        12⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        12⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        8⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        7⤵
        Program crash
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        9⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        10⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
        11⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        10⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        9⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        8⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        7⤵
        
        PID:5392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        6⤵
        Program crash
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        5⤵
        Executes dropped EXE
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        7⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe
        8⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        9⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        10⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        11⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
        10⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        9⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        8⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        7⤵
        
        PID:5196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        6⤵
        
        PID:4168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        5⤵
        Program crash
        
        PID:1660
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
      4⤵
      Program crash
      PID:1900
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:384
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
  2⤵
  - Program crash
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15240.exe

Filesize
184KB

MD5
ede0389cbd818a7fd06c629dd88e9805

SHA1
c2631bfd2cc62c8bf1a5f3066307f3bb18331c5a

SHA256
985a143d93720e63ca71f4d064d553bf6c3162c8e42fcfd224a35e22e52cf77f

SHA512
7b0515bf24e83907965106b53d3ff6e334bbbb413ee5f986b985a4b088505a2b299a860c674763e9bc8403c4af853fb9e88803462ce57101ad36f2e877882e35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21135.exe

Filesize
184KB

MD5
4b4056bcf142368df35caccaab4601ee

SHA1
04940bbd99f7efdf1aec4f07d76dcf9458bd5941

SHA256
bac7dcd359f207c112f33cf11165598e4a2925992f8721689a1efc51445ab5ca

SHA512
631703354d9741e0f23cfd607db1e30ce358006645d242905788bc4f63b6426d6ebf91427fe0b88b0076959b1d41420e7094b777c28ba682d42bdb645ef98d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe

Filesize
184KB

MD5
475bd90f61bf7e17ff240e3e1d9d57a0

SHA1
f848be9586b43173812c4d7e84ffb4b889d4b954

SHA256
47c9750bfc38b0c94155715a5067f0aff22182cfe26068836b05155ac1a3b101

SHA512
08e1af0994ca8ec4a31a3e199d7fd6b0c8cfb56eeb140c7265e287741c63f84873361b9c35a89573af39ff195ad665ccaff0ffe024506d794ad554a40ba7975e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe

Filesize
184KB

MD5
c52c733104ccd6d7edc640d2b137353a

SHA1
dfa51d5fdf0ee3cb64889608fd06ee38978f1dbe

SHA256
a385c64e191692f34f453cd92786480b1b2f4e88f22c9cca2a210f87cccea7a7

SHA512
c839d593c25d83e8eaf830e4bb0cf4494f7400ee1d2fce34edba6496c379c314105fe67c4df96f7784990fc0416f2c99066404c1d8399b93830740b4e7088b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe

Filesize
184KB

MD5
a5c6b49a2957c21bdb0c5ff6f09ca4e0

SHA1
2fec2cd8f886a02e7596b657acc5c388b2cb8356

SHA256
a5ad935dd1a6c104abceeb32fe72d82774f19b8ef2d1b5ab00f64565a4d3592c

SHA512
054e9cde31c3a1650f3c1b4c7e694e9c572600b6445f16e8f842e27a7e8d08e4aec9f685512e93ccb9de7bb77ef59afd18184f844726f236a03ec3465324eba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe

Filesize
184KB

MD5
f4426bba44689eb34dd6346c308e7c3b

SHA1
c95e52e4b0957fb6016a2bd5e3246fb63ee0cc37

SHA256
fdba72532927afd817ebddbe3fade59af035550c0db3db154d29b42f9811366b

SHA512
a29c0986a9b76530f852405d56a9619daea92bc3c2cd9e8a667b4280b03dc1ec641aa17b645e41931d9d1fd16124db9d55fe4114ffd426568257dcb678b61d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe

Filesize
184KB

MD5
081eec7df5bb324264e398cb70a9aeaa

SHA1
e776e884da1d3e2fecdb5e52eabac72c65906343

SHA256
d495f329e22e6938e4b4b5d6d108447adaf165a119640757d2f1542dc2a4772b

SHA512
a673080fa7aa970118c8f772551c39370cf54732e010785d1fe50d4644a7238b5a12988ed173815b100a8added78a9cc632d8aad3e2b536e65b14fecfbc0c176

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe

Filesize
184KB

MD5
7e2bd127d00cb7799778f5095fc45665

SHA1
05121f529fab027d97f5c288c6057cfe7ad22a7f

SHA256
e282bd190ac649ef2c0a98e66bd54a58513c5e8a0d66ef5ff91ab1c28bf8d7d5

SHA512
50034d1fe9e6772d80df9a48c6ae1425c6ade86698b2b98bc633abb47fd0460d6b34ba9ce8fefd5efc4b3e2a87adc58d0934da992c3a68bfb5261ed6ac562768

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe

Filesize
184KB

MD5
5c8a757742aee992c6808a799b5b931d

SHA1
537f6a530c9a21850df6f943456a5a69fca96324

SHA256
2ba40dcd78b2bc8d8d01f2647bd9351800b0a4842bfc8de66b05055141cc418d

SHA512
28418fbbdd75b7334c56d1b51728d049b6b7f7f95a09865acac63a09bbbabec921c619c2b8d98499e7640cefd7e2f2a05dcaca56f2162f484b8350120a70a4c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe

Filesize
184KB

MD5
e80917d0e8217e649d4063cf62a4d3ec

SHA1
82279e30e14b0f13529c816b3cd978e96071ee06

SHA256
b5daa2cbe4a42b606610a71b3c5689e6b895a1468298287b4b0d21e9884ee781

SHA512
5678c9ec5c6f1be07395aa2eb24146ad4b91a66b0187933b8b5164ed0178d82863d2bee7c3eff83b22a3d96da0f1f51856d6688ece2b4aac7fb4a633637f1914

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6012.exe

Filesize
184KB

MD5
758d453d9c4271230f343822db2b9681

SHA1
70ca7336ede95dfc698b069a231991fe077cf822

SHA256
808cb8f2f0fc816246c968bd7126d1746092039d18a116f1d201ee2fe18584c2

SHA512
81024f363301c995c52896144ae5a133d303551a6fc5f360462f14379a0b54012d4fe33be3d53ce891ca849d9b58402191531c5afa642cb89b5d72533d27525f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe

Filesize
184KB

MD5
acae935f69a0f337f9c23b72bf761761

SHA1
0d8a95e0cba4878545b73ca81c99c3e60bc21e3f

SHA256
a307d803210b90955974c8e5ab43cc9aed683ffaac8616a1bf9b933ee4cd522c

SHA512
8cb71c8f48b94aef40219ef0619eb73e4263522317d3f461e918f49cd903bc01fd6cb9705c0f787e378f8f7560a915f5334606931c3ab819ca3bc585907b0742

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe

Filesize
184KB

MD5
e341bdcea8d5be677acdf62a44f61a0a

SHA1
8c4c750daf296c5a31bc53932c98dd33fe196f02

SHA256
39d4d44a57a8ca6c96ef30d46b6762d7f533121a3ab8f66fd3610afc150a8ed2

SHA512
a3fc1846be5142a1214a2582103c30838b5c91c255c04f79587fa5a5165ba18b1b1094e8a5445f3fc67586113334ce597c02ee1404b5dc59287f95e2ea8de755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe

Filesize
184KB

MD5
3b2089396de7d0c3d7c4b70be4aab441

SHA1
d8c55607b7db50d605d749a00af8ac9812230477

SHA256
2abf2019a422e870ef0e3d2cc0e720b6b14b06dc9c6097c02187287a4bacc1c1

SHA512
e04fbb0ba9861e1e454a3cad435505885881fa9ea51aa0c2cce937bd224cf6ad307621783dd64c2c2cae41e8bb12b238f26d45d8c6695a99d2c82b083eaea617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe

Filesize
184KB

MD5
821176953dd60eccebb7e518d79f3284

SHA1
1eecd8e50a14aced0f800659e59f95d969950a52

SHA256
57966b3e74cd096c50f6b0b8273e8a430a360457cbc2fc20c4e9a19871ea786f

SHA512
4b00171ba09c838a463cdb63f3e1780823cc2f477b3612d2f7cce088ba44be66899b5dde15793b18e71b5d3f70d5feadd88dd0385739e0a2803ee46701c8dfb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe

Filesize
184KB

MD5
dab97db546cc20b24d2768c3b5d28fba

SHA1
ab6a1278d832438d0c092d3e8b84d2d526648671

SHA256
8e1bbc5caa079e4a21ceaefa300c44179711e55950b565ec1c7a1d295649fcd1

SHA512
929fee230ec0be0e80d52fe1f03d250ba0b04dbaba835ba5fd3aa250848b093a8eaa68ac5c9b897281b25b4ba936ed6576cd9bb44c62a140f2f03f956a61f888

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe

Filesize
184KB

MD5
c173f70f7bc456d77c8c9e6c9a534aac

SHA1
f2b1ac7205174685afcce3ab721dada324cf72a7

SHA256
54f7fc872e0e5f5fcd2083e67d705cdcd8cc7b26a591a9eeeb5c630fcf6a00d3

SHA512
b2fbf179e6d4b6d7d4efb0e2bd9e33c168191da619f062e3d1b50cd5ee9245487925cba09bc47d61eaa46bdae952bff188eb7c740075e08ff68e71a550ba3e15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe

Filesize
184KB

MD5
c33218940593855b795c273170fb023a

SHA1
2b43d1007563218229abc751a501f46501c17703

SHA256
5fa4acdc26ce5ca8b3aef10a1ce2f5050e23894b39df15f6f12c07d6834dc8d0

SHA512
a2a26d71929600cd394b5f9eaa8a47efb6e1d88c1145c5009edde458d65258d6e92855db06e902a4281202e6e39a50b018d0dbc6584a48515f3a17fd1cc97bd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe

Filesize
184KB

MD5
31302034d9b98022a869ad6e80e4d806

SHA1
19de9639520cef7ca6d22d694edb34cbc66f0f22

SHA256
cfbc4e103af0e286f2c75ff3519b155b33fcbd7df2e2015aa2d932b46938798c

SHA512
6848aaea86244a071b6d0b5928790f909c0afe328191134e6278a77556a0c5ec2e7879647e116cca8224c1eca40b0f5c7dd6edc14e6ee37063ede395a054590e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27602.exe

Filesize
184KB

MD5
05f597af724073c2aba394a966401a36

SHA1
4e062444ad4d13b428976f92cda0d88b63919676

SHA256
3060fbb396cc6d0529b451376febfac67ba8fe7ee7cb2689cf07593b620d0d33

SHA512
1a3efdbc5874e04416f142a9b5d328e0e91966026554b4aaa34b569adbf653b9bc528c8f806573abc2292833c3eb68c73c3144dbcd9dc65c2eef892ecd0e9d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe

Filesize
184KB

MD5
59d5d20ba3de693e0af5c706f1038c81

SHA1
30ee49ab70696c47d431aeae8b5c156facd45139

SHA256
7161065ea1b5ad9369814f9c682b571dc79b82e70f64e5ce7deed092d6521c97

SHA512
defd70967260ab3efb369ee8d3f6d78df102231dd740c0bc829cbc1fd3c644b951efb2681cbd2031b767f8f9b3622c475083c0b36ff8730b00e1f75955c29040

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe

Filesize
184KB

MD5
1c151f5eaee886b86d9f407a2fd2b930

SHA1
063344c8cd3db6c540af19dec0d572d06334430b

SHA256
486afcbd2c77e279c42581eeb1927127fd5134ab829f5b6072da81f5fb018b96

SHA512
96f3e5b8196e00325e30704213eda5207d9cd17d953fe8bc7f32855e95f9ad12cf6686540a42ae812fb33352493516a5350e3e7687f7230730d6730e51991adc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe

Filesize
184KB

MD5
7acf5adbc40e0646f50d9c7662f658f9

SHA1
cc2adbde5b21dbcc04e88a1d2c02b8e87bd8fea8

SHA256
999a9f752d54b6278f95cec27c1337028b9fe1a37088f2a5cf6c174659caf5cc

SHA512
063f5e42a4c40eb3228284cb9cad1100afdaf1b6b28a2596546497992e7d29e782f1861afe18e6f3606e288f4902909b9ea2a8c0dfebfe1211b638b0fb9ddd0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe

Filesize
184KB

MD5
f2be77cee30bf0612841e918edf0bd5a

SHA1
2fb280a1dcf97af31c4593299d54f63893fa0944

SHA256
db0c6c3527395c3bb226aca6cb6f0527577676247603ee15d3b5b812abbfd9e1

SHA512
3d6da04825b926b0689f0ab79d8a7398194230123529facb9fed44bc8654be2bc3e8d3c29efe870dae63572461fc98b99fd4325acc503c13015cfbd8ccfcc460

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe

Filesize
184KB

MD5
247c7ce91dc644b5fa8bb0e3e59424e7

SHA1
45e1f43e9dba8ac27182e3f4fc1486014b4ca191

SHA256
eb573852017c86d4f13d1791a9669e3022d13842485bf4023328f2f6b6564310

SHA512
91077a93f3db8a2b89000946484d8d30d08230db8e6f91b6ae9b4576cb83282d66ce6215a6a055b044848b9d02f0931bf9220f4d7a2eb8844891dc8340321e5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4722.exe

Filesize
184KB

MD5
c1c01fb603d7739953493405c34301e3

SHA1
774e9136eb52949ccdd3e4d558cffb1e0b259de9

SHA256
6ce3bd9814bb12e611d37c3c46c1b8b7e675211df6ab7f911ddf9e31d0f5174b

SHA512
a8c9c919958292196f10f61ec6198b3c9b20dcda29b4d4abc6a60e22b7de80bc65294f73d8439eae631072b3a7d3f4510f71f39554c4a1c31b3e0f56f7c60455

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe

Filesize
184KB

MD5
e6169b213dbe581c030bd6afb4bf17ac

SHA1
3d8f4309854661dc3dff775be9a2e6efdf8b12fa

SHA256
5ab939898490e1ca63065b2ba1d548ea92cf2b5ff6232e84057d81eb09ceb04f

SHA512
a1e849a974cc3d56a2a6c2e0056afc1b3552e006e6de66499c316c2dd28346a7ecf7103bb24f6ea91f024a94e3a6ccb5aee6ff1ae5512a0eedd2a19b615e350e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads