c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
Size

184KB
MD5

4a48a8b4459a83883771ae4a67647df4
SHA1

d229e0b2f13894733c93b2713cb94c7d6bea4a89
SHA256

c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe
SHA512

2ecc1f6b79b29025b381b5f452b5ec3397fc6953212e4cdbd92ae3dba544c06a5a542dff9aff81735e5c64d19b735ee39ad709220c89e019972d34f1d07b03ac
SSDEEP

1536:R7S/6jZmu3BxoRxZryhAlJwqHAIzZcpmd8xpLW2Czwtshl5hj5VizpvI:5d73Bxo3pyh43HzzeFpLWF+shlnniFw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2324	Unicorn-4955.exe
1228	Unicorn-9465.exe
2076	Unicorn-55137.exe
2716	Unicorn-33672.exe
2580	Unicorn-29265.exe
2556	Unicorn-33864.exe
2080	Unicorn-37689.exe
1296	Unicorn-37689.exe
1768	Unicorn-15877.exe
1200	Unicorn-52214.exe
2676	Unicorn-12997.exe
940	Unicorn-54059.exe
756	Unicorn-37853.exe
2860	Unicorn-8387.exe
1404	Unicorn-51044.exe
2208	Unicorn-12362.exe
1620	Unicorn-32228.exe
1240	Unicorn-32228.exe
1864	Unicorn-25320.exe
1032	Unicorn-49867.exe
2904	Unicorn-1927.exe
1440	Unicorn-63058.exe
2004	Unicorn-18155.exe
1844	Unicorn-48559.exe
1976	Unicorn-48559.exe
1980	Unicorn-28273.exe
2116	Unicorn-32680.exe
320	Unicorn-37465.exe
1600	Unicorn-22774.exe
2164	Unicorn-37910.exe
2176	Unicorn-5752.exe
2528	Unicorn-51616.exe
3064	Unicorn-5944.exe
2524	Unicorn-5622.exe
2204	Unicorn-5622.exe
2376	Unicorn-16063.exe
2800	Unicorn-53718.exe
2704	Unicorn-49312.exe
2432	Unicorn-1694.exe
1896	Unicorn-2462.exe
2816	Unicorn-25270.exe
2608	Unicorn-58134.exe
1652	Unicorn-38268.exe
2332	Unicorn-25735.exe
2780	Unicorn-25412.exe
2056	Unicorn-12989.exe
1732	Unicorn-6637.exe
2848	Unicorn-56679.exe
2064	Unicorn-41412.exe
2840	Unicorn-4333.exe
1348	Unicorn-26010.exe
1608	Unicorn-26202.exe
1152	Unicorn-26202.exe
1728	Unicorn-59258.exe
676	Unicorn-54852.exe
1556	Unicorn-39584.exe
1452	Unicorn-59450.exe
1572	Unicorn-22371.exe
1224	Unicorn-42237.exe
2604	Unicorn-31267.exe
2548	Unicorn-50810.exe
2888	Unicorn-732.exe
2448	Unicorn-51002.exe
2420	Unicorn-64001.exe

Loads dropped DLL 64 IoCs

pid	Process
2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
2324	Unicorn-4955.exe
2324	Unicorn-4955.exe
2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
1228	Unicorn-9465.exe
1228	Unicorn-9465.exe
2324	Unicorn-4955.exe
2324	Unicorn-4955.exe
2076	Unicorn-55137.exe
2076	Unicorn-55137.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2580	Unicorn-29265.exe
2556	Unicorn-33864.exe
2556	Unicorn-33864.exe
2580	Unicorn-29265.exe
2076	Unicorn-55137.exe
2076	Unicorn-55137.exe
2716	Unicorn-33672.exe
2716	Unicorn-33672.exe
1228	Unicorn-9465.exe
1228	Unicorn-9465.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2668	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
1200	Unicorn-52214.exe
2716	Unicorn-33672.exe
1200	Unicorn-52214.exe
2716	Unicorn-33672.exe
2080	Unicorn-37689.exe
2080	Unicorn-37689.exe
2556	Unicorn-33864.exe
2556	Unicorn-33864.exe
2580	Unicorn-29265.exe
1768	Unicorn-15877.exe
1296	Unicorn-37689.exe
1768	Unicorn-15877.exe
2580	Unicorn-29265.exe
1296	Unicorn-37689.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2640	2152	WerFault.exe	27
2484	2324	WerFault.exe	28
2668	1228	WerFault.exe	29
2508	2076	WerFault.exe	30
1448	2580	WerFault.exe	33
1808	2556	WerFault.exe	34
1840	2716	WerFault.exe	32
2932	1200	WerFault.exe	39
2136	2676	WerFault.exe	40
544	2080	WerFault.exe	37
892	1768	WerFault.exe	38
3024	1296	WerFault.exe	36
2768	940	WerFault.exe	44
2488	756	WerFault.exe	43
928	1404	WerFault.exe	46
1852	1620	WerFault.exe	48
2856	1240	WerFault.exe	49
536	2860	WerFault.exe	45
660	2208	WerFault.exe	47
1312	1864	WerFault.exe	53
1800	1032	WerFault.exe	54
1872	2904	WerFault.exe	55
1912	1440	WerFault.exe	56
1992	2004	WerFault.exe	57
1140	1844	WerFault.exe	58
2264	1976	WerFault.exe	59
1988	2116	WerFault.exe	61
2920	1980	WerFault.exe	60
2944	320	WerFault.exe	67
900	1600	WerFault.exe	68
2428	2164	WerFault.exe	69
1096	2176	WerFault.exe	70
2384	2376	WerFault.exe	75
2908	2528	WerFault.exe	72
2592	2432	WerFault.exe	78
2112	2704	WerFault.exe	77
796	3064	WerFault.exe	71
1888	2800	WerFault.exe	76
3096	2816	WerFault.exe	80
3104	2204	WerFault.exe	73
3208	2608	WerFault.exe	82
3404	2524	WerFault.exe	74
3664	1652	WerFault.exe	81
3836	1676	WerFault.exe	118
3900	1896	WerFault.exe	79
3480	1152	WerFault.exe	99
3604	1608	WerFault.exe	98
3600	2056	WerFault.exe	88
3812	2332	WerFault.exe	85
3672	1224	WerFault.exe	105
3772	2888	WerFault.exe	108
3528	1732	WerFault.exe	91
4072	2064	WerFault.exe	95
4044	2772	WerFault.exe	117
3816	2656	WerFault.exe	116
4060	1452	WerFault.exe	103
3136	1080	WerFault.exe	173
3736	1744	WerFault.exe	121
3592	412	WerFault.exe	120
3632	2780	WerFault.exe	86
4040	2624	WerFault.exe	132
3144	2600	WerFault.exe	133
3460	3068	WerFault.exe	130
3524	2144	WerFault.exe	129

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
2324	Unicorn-4955.exe
2076	Unicorn-55137.exe
1228	Unicorn-9465.exe
2580	Unicorn-29265.exe
2716	Unicorn-33672.exe
2556	Unicorn-33864.exe
2080	Unicorn-37689.exe
1296	Unicorn-37689.exe
1768	Unicorn-15877.exe
1200	Unicorn-52214.exe
2676	Unicorn-12997.exe
940	Unicorn-54059.exe
756	Unicorn-37853.exe
1404	Unicorn-51044.exe
2860	Unicorn-8387.exe
2208	Unicorn-12362.exe
1620	Unicorn-32228.exe
1240	Unicorn-32228.exe
1864	Unicorn-25320.exe
1032	Unicorn-49867.exe
2904	Unicorn-1927.exe
1440	Unicorn-63058.exe
2004	Unicorn-18155.exe
1844	Unicorn-48559.exe
1976	Unicorn-48559.exe
1980	Unicorn-28273.exe
2116	Unicorn-32680.exe
320	Unicorn-37465.exe
1600	Unicorn-22774.exe
2164	Unicorn-37910.exe
2176	Unicorn-5752.exe
2204	Unicorn-5622.exe
3064	Unicorn-5944.exe
2376	Unicorn-16063.exe
2528	Unicorn-51616.exe
2524	Unicorn-5622.exe
2432	Unicorn-1694.exe
2800	Unicorn-53718.exe
2704	Unicorn-49312.exe
1896	Unicorn-2462.exe
2816	Unicorn-25270.exe
2608	Unicorn-58134.exe
1652	Unicorn-38268.exe
2332	Unicorn-25735.exe
2780	Unicorn-25412.exe
2056	Unicorn-12989.exe
1732	Unicorn-6637.exe
2064	Unicorn-41412.exe
2848	Unicorn-56679.exe
2840	Unicorn-4333.exe
1348	Unicorn-26010.exe
1608	Unicorn-26202.exe
1152	Unicorn-26202.exe
1728	Unicorn-59258.exe
676	Unicorn-54852.exe
1556	Unicorn-39584.exe
1452	Unicorn-59450.exe
1572	Unicorn-22371.exe
1224	Unicorn-42237.exe
2604	Unicorn-31267.exe
2548	Unicorn-50810.exe
2888	Unicorn-732.exe
2448	Unicorn-51002.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 2324	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	28
PID 2152 wrote to memory of 2324	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	28
PID 2152 wrote to memory of 2324	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	28
PID 2152 wrote to memory of 2324	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	28
PID 2324 wrote to memory of 1228	2324	Unicorn-4955.exe	29
PID 2324 wrote to memory of 1228	2324	Unicorn-4955.exe	29
PID 2324 wrote to memory of 1228	2324	Unicorn-4955.exe	29
PID 2324 wrote to memory of 1228	2324	Unicorn-4955.exe	29
PID 2152 wrote to memory of 2076	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	30
PID 2152 wrote to memory of 2076	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	30
PID 2152 wrote to memory of 2076	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	30
PID 2152 wrote to memory of 2076	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	30
PID 2152 wrote to memory of 2640	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	31
PID 2152 wrote to memory of 2640	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	31
PID 2152 wrote to memory of 2640	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	31
PID 2152 wrote to memory of 2640	2152	c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe	31
PID 1228 wrote to memory of 2716	1228	Unicorn-9465.exe	32
PID 1228 wrote to memory of 2716	1228	Unicorn-9465.exe	32
PID 1228 wrote to memory of 2716	1228	Unicorn-9465.exe	32
PID 1228 wrote to memory of 2716	1228	Unicorn-9465.exe	32
PID 2324 wrote to memory of 2580	2324	Unicorn-4955.exe	33
PID 2324 wrote to memory of 2580	2324	Unicorn-4955.exe	33
PID 2324 wrote to memory of 2580	2324	Unicorn-4955.exe	33
PID 2324 wrote to memory of 2580	2324	Unicorn-4955.exe	33
PID 2076 wrote to memory of 2556	2076	Unicorn-55137.exe	34
PID 2076 wrote to memory of 2556	2076	Unicorn-55137.exe	34
PID 2076 wrote to memory of 2556	2076	Unicorn-55137.exe	34
PID 2076 wrote to memory of 2556	2076	Unicorn-55137.exe	34
PID 2324 wrote to memory of 2484	2324	Unicorn-4955.exe	35
PID 2324 wrote to memory of 2484	2324	Unicorn-4955.exe	35
PID 2324 wrote to memory of 2484	2324	Unicorn-4955.exe	35
PID 2324 wrote to memory of 2484	2324	Unicorn-4955.exe	35
PID 2556 wrote to memory of 2080	2556	Unicorn-33864.exe	37
PID 2556 wrote to memory of 2080	2556	Unicorn-33864.exe	37
PID 2556 wrote to memory of 2080	2556	Unicorn-33864.exe	37
PID 2556 wrote to memory of 2080	2556	Unicorn-33864.exe	37
PID 2580 wrote to memory of 1296	2580	Unicorn-29265.exe	36
PID 2580 wrote to memory of 1296	2580	Unicorn-29265.exe	36
PID 2580 wrote to memory of 1296	2580	Unicorn-29265.exe	36
PID 2580 wrote to memory of 1296	2580	Unicorn-29265.exe	36
PID 2076 wrote to memory of 1768	2076	Unicorn-55137.exe	38
PID 2076 wrote to memory of 1768	2076	Unicorn-55137.exe	38
PID 2076 wrote to memory of 1768	2076	Unicorn-55137.exe	38
PID 2076 wrote to memory of 1768	2076	Unicorn-55137.exe	38
PID 2716 wrote to memory of 1200	2716	Unicorn-33672.exe	39
PID 2716 wrote to memory of 1200	2716	Unicorn-33672.exe	39
PID 2716 wrote to memory of 1200	2716	Unicorn-33672.exe	39
PID 2716 wrote to memory of 1200	2716	Unicorn-33672.exe	39
PID 1228 wrote to memory of 2676	1228	Unicorn-9465.exe	40
PID 1228 wrote to memory of 2676	1228	Unicorn-9465.exe	40
PID 1228 wrote to memory of 2676	1228	Unicorn-9465.exe	40
PID 1228 wrote to memory of 2676	1228	Unicorn-9465.exe	40
PID 1228 wrote to memory of 2668	1228	Unicorn-9465.exe	41
PID 1228 wrote to memory of 2668	1228	Unicorn-9465.exe	41
PID 1228 wrote to memory of 2668	1228	Unicorn-9465.exe	41
PID 1228 wrote to memory of 2668	1228	Unicorn-9465.exe	41
PID 2076 wrote to memory of 2508	2076	Unicorn-55137.exe	42
PID 2076 wrote to memory of 2508	2076	Unicorn-55137.exe	42
PID 2076 wrote to memory of 2508	2076	Unicorn-55137.exe	42
PID 2076 wrote to memory of 2508	2076	Unicorn-55137.exe	42
PID 1200 wrote to memory of 756	1200	Unicorn-52214.exe	43
PID 1200 wrote to memory of 756	1200	Unicorn-52214.exe	43
PID 1200 wrote to memory of 756	1200	Unicorn-52214.exe	43
PID 1200 wrote to memory of 756	1200	Unicorn-52214.exe	43

C:\Users\Admin\AppData\Local\Temp\c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe
"C:\Users\Admin\AppData\Local\Temp\c428254af56e2c9236ee79546e4bfb013fc6744f7043536fcc97d128e4d2adbe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56679.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe
        11⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        12⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        13⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        14⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        15⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        15⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        14⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
        13⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        12⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        11⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        10⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        11⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        12⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        13⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        14⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        14⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        13⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        12⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
        11⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35008.exe
        12⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        13⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        14⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        14⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
        13⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        12⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        11⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
        10⤵
        Program crash
        
        PID:4040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        9⤵
        Program crash
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50958.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        12⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48599.exe
        13⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        14⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 216
        14⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        13⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        12⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        11⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        12⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        13⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        13⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        9⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        8⤵
        Program crash
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57814.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
        11⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
        12⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        13⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        13⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        10⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        9⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        8⤵
        Program crash
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        7⤵
        Program crash
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59258.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        11⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        12⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        13⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        14⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        14⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        13⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        12⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        11⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        11⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51190.exe
        12⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        13⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        12⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        11⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        8⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19929.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        12⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        13⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        12⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        11⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 216
        9⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        8⤵
        Program crash
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52248.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
        12⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2747.exe
        13⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        8⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 220
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
        8⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
        7⤵
        Program crash
        
        PID:1912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        6⤵
        Program crash
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        9⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        10⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
        11⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
        12⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21825.exe
        13⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        14⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        14⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
        13⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
        12⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        11⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 236
        10⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-970.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        11⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
        12⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        13⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
        13⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        12⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 236
        11⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
        10⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 220
        9⤵
        Program crash
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40037.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        12⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        13⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        13⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        12⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        9⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        8⤵
        Program crash
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44590.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        12⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        13⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        13⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        10⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        9⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47741.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        11⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58955.exe
        12⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        11⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        8⤵
        Program crash
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        7⤵
        Program crash
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43822.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        12⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 220
        13⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        11⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        11⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8235.exe
        12⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 216
        12⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        10⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        8⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9777.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1762.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        10⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        8⤵
        Program crash
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:2428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        6⤵
        Program crash
        
        PID:2768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1174.exe
        11⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        12⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57356.exe
        13⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        13⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        12⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
        10⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50455.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27045.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11351.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        11⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe
        12⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        12⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        11⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        10⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
        9⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43051.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 200
        10⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        9⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        Program crash
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        7⤵
        Program crash
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
        10⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46893.exe
        12⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23209.exe
        13⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 236
        13⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        12⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        11⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        9⤵
        Program crash
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        9⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        10⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        11⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        11⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        10⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        9⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        6⤵
        Program crash
        
        PID:1312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
        5⤵
        Program crash
        
        PID:2136
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60766.exe
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43288.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        10⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        11⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        12⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 236
        12⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        11⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        10⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        11⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        12⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
        6⤵
        Program crash
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        11⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        12⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        13⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 236
        13⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31656.exe
        10⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19670.exe
        11⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        12⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        11⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        9⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        8⤵
        Program crash
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        7⤵
        Program crash
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35905.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20320.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
        12⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 220
        11⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 216
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30979.exe
        10⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
        11⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        10⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
        9⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        8⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        7⤵
        
        PID:4992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        6⤵
        Program crash
        
        PID:1140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        5⤵
        Program crash
        
        PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2258.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
        12⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        13⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
        13⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        10⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        11⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        12⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 236
        12⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22453.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        10⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe
        11⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        12⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        12⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        7⤵
        Program crash
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
        6⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6290.exe
        10⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        11⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        12⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
        12⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9827.exe
        9⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18948.exe
        10⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        10⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        9⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        8⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
        7⤵
        
        PID:4872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30287.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        10⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 236
        11⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
        9⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
        10⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        11⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 220
        11⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        10⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        8⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43700.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        10⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        11⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
        11⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        10⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
        9⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        8⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49016.exe
        8⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        9⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        10⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
        10⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        9⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        8⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        
        PID:5248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        6⤵
        Program crash
        
        PID:3664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        5⤵
        Program crash
        
        PID:660
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38574.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
        11⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        12⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        13⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 220
        13⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        12⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 220
        12⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
        10⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        10⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        11⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        10⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        8⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        11⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8055.exe
        12⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
        11⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        7⤵
        Program crash
        
        PID:2384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        6⤵
        Program crash
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
        11⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        12⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 236
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        11⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49838.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        10⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        11⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        10⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        9⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29091.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        11⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        11⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
        10⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 216
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        7⤵
        Program crash
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64193.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        7⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        10⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        11⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 216
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
        9⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27437.exe
        10⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 236
        10⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        9⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        8⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        7⤵
        
        PID:4236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        6⤵
        Program crash
        
        PID:2920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        5⤵
        Program crash
        
        PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        12⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 236
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59893.exe
        10⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        11⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        12⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        11⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        10⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        8⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16182.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        11⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        12⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        11⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        9⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        8⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        Program crash
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
        11⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        9⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56788.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        10⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        11⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
        10⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        9⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        8⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        7⤵
        
        PID:5056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        6⤵
        Program crash
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
        11⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 236
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17008.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        10⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        11⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        10⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
        9⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6210.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35829.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59544.exe
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 236
        11⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        10⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        8⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53493.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36242.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        10⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 216
        11⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        10⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        9⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        8⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        7⤵
        
        PID:4788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        6⤵
        Program crash
        
        PID:2112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        5⤵
        Program crash
        
        PID:928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        10⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        11⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        11⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
        10⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        8⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        7⤵
        Program crash
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        8⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        10⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        10⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        9⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        8⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        7⤵
        
        PID:6060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        6⤵
        Program crash
        
        PID:3404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        5⤵
        Program crash
        
        PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        11⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 220
        11⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
        10⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
        11⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
        11⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 236
        9⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45313.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        10⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4004.exe
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 216
        11⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        10⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        8⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
        7⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8698.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        9⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33018.exe
        10⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 236
        10⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        8⤵
        
        PID:7492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        6⤵
        Program crash
        
        PID:3900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        5⤵
        Program crash
        
        PID:2264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
      4⤵
      Program crash
      PID:892
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
  2⤵
  - Program crash
  PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe

Filesize
184KB

MD5
816b0044fe7073087933d3b29ec37489

SHA1
fa3279bec0fececd0e83d7f15825c724c483c686

SHA256
84e45852cabdc157f3f02cfbffc5b6b6b99f78ee34daa5c64338ae9d01913cbc

SHA512
078738e6677ccfe335f06b2f32238107e4e983e2311c2703af69ef188d0a18f42052adde8c907df1d0da108d462ae529a0d2b8e047b0f29055823d7636c65554

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe

Filesize
184KB

MD5
db1765c385299d920f91e88439e519a1

SHA1
31bffc0df73750280e6f18954947167da6356563

SHA256
22399da89ff789806726a735e3570bb71a843a22eb0b3d30c81b5fa1ad5ceea2

SHA512
00719d58398a927edb24699986c4a217e0d4f45c513c835a9999fd081bb0e0512258f809f2a24acae3b009701c3ba36c840a92e1a98d2da426d70b3132b414ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe

Filesize
184KB

MD5
651d2ec680563762c2e1a732e28fa533

SHA1
a035f68c38ae06547319ea105f6094ed1dcea509

SHA256
27f156fa9be77eaa7f1750bcd4184074409a768a67041454613afdb3a30fe592

SHA512
b8bfaf22296402f52181bae5d354d7ad1d750be198a591e96bdee788ccd3ebbf14747807dbfc7d75fe72457dc89cb36c86243ba31f8d34074f3e1d5110ef355f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe

Filesize
184KB

MD5
58762399e9bfc1e5659efc63d33df00d

SHA1
52716cd2dffbdbf7f35d9ff5a358a7bbca6e7d18

SHA256
e46f1cbfe021ed62940d574b01fd92bc934857f1541c8d677a96186cdc039881

SHA512
d255a242eab86d1e355456f8f2e38aaf0744967a5e9ba0519d23a9c36b9c1489d15566205345707f7f67fbcd20426285d2dd2731f32712dbc420779ec18069ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe

Filesize
184KB

MD5
c3f0f2f13d3c2afdbbd950d284c0f3e2

SHA1
119be977dfb249d661c0a03b62fcc755e266fd60

SHA256
205ced2f15153d659d91971ef1f852655ebea3b0a2bc8692a2f60cbd7cefcbb5

SHA512
ecfd51356b1f38b7194a32ee695c313902131a97d5d203332f5cb621a64bd1cba1e31656944814e987d3cc198ec9571daaf6a7ed55bed04809c0c81b84493acb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe

Filesize
184KB

MD5
2616f5c0c64335b62ddabe446bf4b32d

SHA1
2bb87c8bbd0aad253bd5388b4b44d2743cac3d8e

SHA256
41d1ca5b2cd3e425d98c8702cc657e94dc5f903743c809f5df162ebbd1b7fc84

SHA512
1706eb9d8b26baeede7b45d7d36a45423bce74d73bb44a9d40cfc26427259b06a4ec4f53ca41fbba624b4ede6937ae7c4142b723a917c4861097700390d05153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38463.exe

Filesize
184KB

MD5
8d294861189d593bde3362f0e9cd8cb5

SHA1
11046b18708fe11e0fb8bab626c740d2681f87ac

SHA256
caa9b73b66137ee013f788ca171a95ea2b933e24c6e0ce0449e853f8f35f9c91

SHA512
f960ec842908ab8da0edabc36d1289cdfe3dcb53ddfeceb65fc4a109cb2f5ec3ac171ef24757d3baf311fe02200403d76dc7a6760cdc1c23b4dcfc7f6234ab3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe

Filesize
184KB

MD5
e773c58054a479f04e0e553fc4e52ac9

SHA1
ba75c143def7b9ef70150911c041deec9310c18c

SHA256
27e0f038a52c32d055179df2e021807561674fa418ce3393516bca36bc1fa534

SHA512
fc7a1912e3c2ed6fdca0102287fc95d5d56809b7de0f95afc2b32fbde4b74eb2a6fd97706d3aa339641d5945c4fbbe34c3e1e024038c2aea35cf684d48f5933a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe

Filesize
184KB

MD5
31e23d1ac3c4cf0d7f4342333dc6861b

SHA1
29fbcc4c0def21fa426a4e2c1af75b3d9db87c06

SHA256
4b96c8b568ff3aa7797f957c9fbe55fde090d4a03c79c88e55a23563bb795c26

SHA512
21f171e080a6b795716aee8d055d8d9fc1ad19415695058bcc6f99dff518a85d384cf0c2b3c06f274b745feb05964099cc7039b67024860f75841fd62b41c5a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe

Filesize
184KB

MD5
b1a96ec5a69c0c8ce10ac80234c5490a

SHA1
7f0d4396e3ebb4a7b307a70a06eaa2a68021e23c

SHA256
ea9dfd6a7fcaef517b4dcec10355182be1b8ded53a5ab923753d84575c4738f9

SHA512
e8f95795140a52b1a9504c54620d8241e38f0df83cfca5b87e3e0b170bb3e5fa0bc88b75580b6e61710af6acc0787b05725ee2f14b1fa65e5dc27c32a7e2a5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe

Filesize
184KB

MD5
1f7ecb2eed8b19408b3061f1d09ea551

SHA1
8b8ad7c732403ec69c2ced4133f52da55a8b347c

SHA256
f40e55019bdf1136ccb3167344fc3ae687b68d1064f3db4a360c0c4f581cd473

SHA512
77991c064e03108dcf76a640a86fdb6486163350736e64875198c73e01192a4e12db1a575e250312fdb81f598f4945779659d50a3a63f3f7941054446c5d8e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe

Filesize
184KB

MD5
98afc942bf542d260e0a14eaa9a12188

SHA1
16f04bdb7b5028009e7c8c0c404431fc457ae37b

SHA256
3e8b06ce46cba3727cf11c77c93d9dc3a77479e97888ff4b347369e08efae707

SHA512
2e6e724821184900cc90678dea0f85589f812e8a0f22afd09ec02a2cfb18770277f6c8355edc221880ea0e692896eed4e30492d0700cd4c41dd0a3c33c204016

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56416.exe

Filesize
184KB

MD5
95a6ba3da8f04edcdcbc1515b43ab45b

SHA1
72c2f50b289202c6ed158722eb1a674c3f69f30e

SHA256
18a6d2390cff6b90d5b95c63a0b2eb4f245053a7f9b653534478009ea6746fdf

SHA512
cf5fd487587935964cd70601030817a151132d436b35e1a946fa5df9d92988c1d209671b4a158c7076d71a886322e976c15541efa3254633ad66d6938a328f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5732.exe

Filesize
184KB

MD5
8760a462379ef8856d3aebb743bcbfd1

SHA1
aa19da53abdcc3b804f0671dc31286b7c828a5f4

SHA256
278f8aefc75901346396e33eb520480d405cc9555744dbb72efc42a08bce848b

SHA512
854714a852d1d45e95733f778a937c9f53ec230d0f5a5d76ea247e88cfce9daec57986eb3963a4623f066ff02d11bab1b19278a93ae4a3ff481d7bcd1121e693

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5752.exe

Filesize
184KB

MD5
0326d42ea309292554f243652c6e166e

SHA1
33d18180630a6875b066bf38453e634f5456702a

SHA256
5f9eb19ff547870386b612d3841f4012879015f7561e11fa311456313c279ab5

SHA512
50deb031bd25df9b6a8ede97b39c388598026be89f420d1b128026a9b1b175aaeda5aae124ac69e795c4040f7e1c8a408dc24a74d2083a93c4e6dd5600d36c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe

Filesize
184KB

MD5
1cd6645b5b6a0c5a1d3c9c6a34c9e5fb

SHA1
a3dcb7ad36324784b01b684712561201d2e69ff8

SHA256
c886bf1721080408674183e925ddfbb0c2aeb26be0264951cbdf545afa17af8f

SHA512
61aaa3b9811bcda0468c4d4785bfb49ee12451f4d18ea79c66cb0c51e2de46eb0ba7e5de74ea02a72a02ad2b5491fc136458d83f9e1c2a0a9a7ed278baa3dda6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe

Filesize
184KB

MD5
58813610bad1d7039c4c2d4c26a4e259

SHA1
d457de4439ffdfdde9fd6719299fb94407007793

SHA256
f5239ec3d2ab7fdb4574e5ad0727f5a435d26c881ceabd6c9555dd666ce6dc72

SHA512
4625b82b44261c7bcecabcb0b19f7eed45ce900921176ff906859c92984db2fc3fc1cd503b876609b0f9e962e08a7ed36cb21f0ef276a95b596e4a75440a1f9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe

Filesize
184KB

MD5
bd90496088acfc665167d8e1ae44e47a

SHA1
d50ff3142496b0403d9a671543f854ef381671e5

SHA256
2b611bc9afe77380abd9ce6fb11b62a2c8ad121049bab65471f40c827bf936af

SHA512
5f88174e48f782872167bdd1669685eab8d524a7af9245684e0afae1a242b0d0bcaf3cda6025937fd9290661a79aa05fb2cd835f8694d36120dee6b65c591bcf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe

Filesize
184KB

MD5
f43e4d8bab28ed8c20082a95ba41f356

SHA1
aa7f8652a508a7bdf3475c8104c769657ee95761

SHA256
9e839066c7be26370ac557b8f765734faa9ce68292129c17f686fb8e643aa6bf

SHA512
440b0c0bb7b78b16350979ec687c708e6cdc3f5cb5b2207ed2bf207ecb2f864b85606892e49ace140ec7bc4ca6f5b2b6287d50b326b122b927a3eee934175fde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33672.exe

Filesize
184KB

MD5
21d01d67d953d0ad9aadf9d8832a6565

SHA1
3901d82a4f1101ff5ea3856c77422c261d554d54

SHA256
fb2da1dfeefe38ea508a3172ab855932d02b26dc16d50821fb9ee59a7cba9541

SHA512
186f222e922e04a3675f319ac719e5656c2bbc840e59d0bc722ed444a04cb968781889ef36da4911edcfc1ea4b2f352d7a13b1f382917e56955331e719af03d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe

Filesize
184KB

MD5
c01194fb0959ed9fa30ec668642ccaff

SHA1
1b1c7f2a0f739006edcbcdc9285bf3eb9f1c5bc5

SHA256
ebb95e8cad9e14dddf6bb59696ecb5269c1b6414e0d1c85e10e089e492e16266

SHA512
4aebca241778f2e48b72e4fdad3cc4043d74626a9c24996f43409d9d3cb9f74e98df55fc3bf987affd6f741a2e0283cfba0df973d9da1579303054577099d281

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe

Filesize
184KB

MD5
69147dd1b73d4d365a5231025aad3696

SHA1
676fea9cb78d3071bce08300f969134527ebc839

SHA256
b557ff5850b680b2a10f4a832658eea64fb8b466ff3c4777eeec9f8314fbd9b9

SHA512
0ee691dd862d0db9e855f39739af847a47f1faf0a432b3ca92aa0c1854f9f570e4802be5796a4267c226d41fb7b5f82c2c27fd1634e55a1f466aef1b01dd7801

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55137.exe

Filesize
184KB

MD5
ce562d5075eabfcbce7a1586e69bf848

SHA1
af53ac5230afb350fe2040596c629f6a3a34482d

SHA256
ab4bec07329244bd1a8f5d64ec4242aac043413914d0e820d163115bd4a98e0b

SHA512
cf1720d5641aa2670657d76ecc400e500ff05ed1c17a1a06bb5ac22ce18d100c78361934328025bc46b7105531ca1b0ef8c43ba3962dd052496f69a50482ee98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe

Filesize
184KB

MD5
690d36406ae88b1a4bbe10b77b779145

SHA1
e70748c04f66a3728b1fa3a4902765f98ecbe1b7

SHA256
ddb3f4b0f0b13117e16a316c983183f38647f1e6a0596a9da6f2c9b79eda4dc7

SHA512
13d8e7e79e0be02a64f70793f0b483ae44ce9a3e65781070b58c2cf706f48bb67ea84440c3a18456a182e1e84890346c94641a76572178b03f8c3c8375bb0858

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads