d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
Size

184KB
MD5

14923ffad8694cecbd76e44ad680a706
SHA1

0db3e5dd8cd5b3d1d5c5eabebf885a8a4f25820e
SHA256

d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93
SHA512

7c8590f45265d0396783c8a137a6610696dd5eb17995458f75a85966a3a28fcdbf9965da35a309d0a3a54eb5408df3f265750b7659226ac33793987dc4af6649
SSDEEP

3072:lEm/XaolwfaSdXxTeW4LyxiEIK4uuPi6FHL/65vIBOhhlnVOFT:lEvoT+XxqLqiEIPp2JhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2488	Unicorn-31923.exe
2632	Unicorn-30282.exe
2616	Unicorn-50148.exe
1680	Unicorn-14232.exe
2448	Unicorn-28108.exe
2508	Unicorn-47974.exe
648	Unicorn-29059.exe
1504	Unicorn-9193.exe
2144	Unicorn-25529.exe
2184	Unicorn-45395.exe
2464	Unicorn-14253.exe
2964	Unicorn-1939.exe
1224	Unicorn-1747.exe
324	Unicorn-14362.exe
380	Unicorn-14362.exe
568	Unicorn-17892.exe
920	Unicorn-52344.exe
2092	Unicorn-20527.exe
2988	Unicorn-7720.exe
852	Unicorn-27551.exe
780	Unicorn-47417.exe
1564	Unicorn-11215.exe
784	Unicorn-47033.exe
1016	Unicorn-63369.exe
576	Unicorn-14360.exe
1720	Unicorn-10831.exe
1980	Unicorn-10800.exe
1012	Unicorn-30666.exe
2008	Unicorn-297.exe
2524	Unicorn-49114.exe
2352	Unicorn-16058.exe
2520	Unicorn-64874.exe
2712	Unicorn-61345.exe
2628	Unicorn-45523.exe
1736	Unicorn-28672.exe
2560	Unicorn-32010.exe
1052	Unicorn-41801.exe
2796	Unicorn-61667.exe
2668	Unicorn-61667.exe
2292	Unicorn-60961.exe
1896	Unicorn-60961.exe
2312	Unicorn-61143.exe
1692	Unicorn-28087.exe
1764	Unicorn-41085.exe
1332	Unicorn-47822.exe
700	Unicorn-34631.exe
108	Unicorn-17911.exe
1428	Unicorn-63582.exe
1688	Unicorn-14573.exe
2860	Unicorn-47931.exe
1708	Unicorn-998.exe
1264	Unicorn-13997.exe
300	Unicorn-36551.exe
716	Unicorn-4563.exe
2676	Unicorn-842.exe
1448	Unicorn-36167.exe
1964	Unicorn-36167.exe
2756	Unicorn-20516.exe
2228	Unicorn-16986.exe
2184	Unicorn-36852.exe
2536	Unicorn-49851.exe
2544	Unicorn-4179.exe
2600	Unicorn-20324.exe
3016	Unicorn-50744.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
2488	Unicorn-31923.exe
2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
2488	Unicorn-31923.exe
2616	Unicorn-50148.exe
2488	Unicorn-31923.exe
2632	Unicorn-30282.exe
2616	Unicorn-50148.exe
2488	Unicorn-31923.exe
2632	Unicorn-30282.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
2616	Unicorn-50148.exe
1680	Unicorn-14232.exe
1680	Unicorn-14232.exe
2616	Unicorn-50148.exe
2632	Unicorn-30282.exe
2632	Unicorn-30282.exe
2448	Unicorn-28108.exe
2448	Unicorn-28108.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1576	WerFault.exe
2508	Unicorn-47974.exe
2508	Unicorn-47974.exe
1504	Unicorn-9193.exe
1504	Unicorn-9193.exe
2144	Unicorn-25529.exe
2144	Unicorn-25529.exe
2448	Unicorn-28108.exe
1680	Unicorn-14232.exe
1680	Unicorn-14232.exe
2448	Unicorn-28108.exe
2184	Unicorn-45395.exe
2184	Unicorn-45395.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
632	WerFault.exe
632	WerFault.exe
632	WerFault.exe
632	WerFault.exe
632	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2464	Unicorn-14253.exe
2464	Unicorn-14253.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2556	2172	WerFault.exe	27
1808	2488	WerFault.exe	28
1560	2616	WerFault.exe	29
1576	2632	WerFault.exe	30
1592	1680	WerFault.exe	32
632	2448	WerFault.exe	33
2384	2508	WerFault.exe	34
1916	1504	WerFault.exe	37
2824	2144	WerFault.exe	38
2776	648	WerFault.exe	36
2328	2464	WerFault.exe	42
1524	1224	WerFault.exe	44
2196	2964	WerFault.exe	43
1208	2008	WerFault.exe	66
3056	324	WerFault.exe	46
2240	380	WerFault.exe	45
2732	568	WerFault.exe	47
2440	920	WerFault.exe	51
2468	2092	WerFault.exe	52
2140	1764	WerFault.exe	84
1596	1564	WerFault.exe	56
1280	852	WerFault.exe	54
2692	780	WerFault.exe	55
604	2988	WerFault.exe	53
2956	784	WerFault.exe	57
2968	576	WerFault.exe	59
2840	1720	WerFault.exe	60
1124	1016	WerFault.exe	58
1748	1980	WerFault.exe	61
2852	1012	WerFault.exe	62
312	2524	WerFault.exe	67
1528	2352	WerFault.exe	68
2868	2520	WerFault.exe	69
2304	2712	WerFault.exe	70
2200	2628	WerFault.exe	71
2764	1736	WerFault.exe	72
320	1896	WerFault.exe	77
2936	2560	WerFault.exe	73
2880	2796	WerFault.exe	75
2832	2668	WerFault.exe	76
2336	2292	WerFault.exe	78
2188	1052	WerFault.exe	74
4052	1556	WerFault.exe	144
3648	2312	WerFault.exe	80
3704	1692	WerFault.exe	81
3224	1708	WerFault.exe	95
3364	108	WerFault.exe	91
3384	1688	WerFault.exe	93
3664	2756	WerFault.exe	102
3712	2600	WerFault.exe	107
3752	1332	WerFault.exe	86
3728	2676	WerFault.exe	99
3904	1428	WerFault.exe	92
3336	2184	WerFault.exe	104
3448	2860	WerFault.exe	94
3520	700	WerFault.exe	90
3640	300	WerFault.exe	97
3884	1664	WerFault.exe	111
3920	3016	WerFault.exe	109
3184	1924	WerFault.exe	112
3276	776	WerFault.exe	113
3676	1448	WerFault.exe	101
4304	3048	WerFault.exe	117
4592	1264	WerFault.exe	96

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
2488	Unicorn-31923.exe
2632	Unicorn-30282.exe
2616	Unicorn-50148.exe
1680	Unicorn-14232.exe
2448	Unicorn-28108.exe
2508	Unicorn-47974.exe
1504	Unicorn-9193.exe
648	Unicorn-29059.exe
2184	Unicorn-45395.exe
2144	Unicorn-25529.exe
2464	Unicorn-14253.exe
2964	Unicorn-1939.exe
1224	Unicorn-1747.exe
380	Unicorn-14362.exe
324	Unicorn-14362.exe
568	Unicorn-17892.exe
920	Unicorn-52344.exe
2092	Unicorn-20527.exe
2988	Unicorn-7720.exe
780	Unicorn-47417.exe
852	Unicorn-27551.exe
1564	Unicorn-11215.exe
784	Unicorn-47033.exe
1016	Unicorn-63369.exe
576	Unicorn-14360.exe
1720	Unicorn-10831.exe
1012	Unicorn-30666.exe
1980	Unicorn-10800.exe
2008	Unicorn-297.exe
2524	Unicorn-49114.exe
2352	Unicorn-16058.exe
2520	Unicorn-64874.exe
2712	Unicorn-61345.exe
1736	Unicorn-28672.exe
2628	Unicorn-45523.exe
2560	Unicorn-32010.exe
1052	Unicorn-41801.exe
2668	Unicorn-61667.exe
1896	Unicorn-60961.exe
2796	Unicorn-61667.exe
2292	Unicorn-60961.exe
2312	Unicorn-61143.exe
1692	Unicorn-28087.exe
1764	Unicorn-41085.exe
1332	Unicorn-47822.exe
700	Unicorn-34631.exe
108	Unicorn-17911.exe
1428	Unicorn-63582.exe
1688	Unicorn-14573.exe
2860	Unicorn-47931.exe
1708	Unicorn-998.exe
1264	Unicorn-13997.exe
300	Unicorn-36551.exe
716	Unicorn-4563.exe
2676	Unicorn-842.exe
1448	Unicorn-36167.exe
1964	Unicorn-36167.exe
2228	Unicorn-16986.exe
2544	Unicorn-4179.exe
2756	Unicorn-20516.exe
2184	Unicorn-36852.exe
2536	Unicorn-49851.exe
2600	Unicorn-20324.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2488	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	28
PID 2172 wrote to memory of 2488	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	28
PID 2172 wrote to memory of 2488	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	28
PID 2172 wrote to memory of 2488	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	28
PID 2172 wrote to memory of 2632	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	30
PID 2172 wrote to memory of 2632	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	30
PID 2172 wrote to memory of 2632	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	30
PID 2172 wrote to memory of 2632	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	30
PID 2488 wrote to memory of 2616	2488	Unicorn-31923.exe	29
PID 2488 wrote to memory of 2616	2488	Unicorn-31923.exe	29
PID 2488 wrote to memory of 2616	2488	Unicorn-31923.exe	29
PID 2488 wrote to memory of 2616	2488	Unicorn-31923.exe	29
PID 2172 wrote to memory of 2556	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	31
PID 2172 wrote to memory of 2556	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	31
PID 2172 wrote to memory of 2556	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	31
PID 2172 wrote to memory of 2556	2172	d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe	31
PID 2616 wrote to memory of 1680	2616	Unicorn-50148.exe	32
PID 2616 wrote to memory of 1680	2616	Unicorn-50148.exe	32
PID 2616 wrote to memory of 1680	2616	Unicorn-50148.exe	32
PID 2616 wrote to memory of 1680	2616	Unicorn-50148.exe	32
PID 2488 wrote to memory of 2448	2488	Unicorn-31923.exe	33
PID 2488 wrote to memory of 2448	2488	Unicorn-31923.exe	33
PID 2488 wrote to memory of 2448	2488	Unicorn-31923.exe	33
PID 2488 wrote to memory of 2448	2488	Unicorn-31923.exe	33
PID 2632 wrote to memory of 2508	2632	Unicorn-30282.exe	34
PID 2632 wrote to memory of 2508	2632	Unicorn-30282.exe	34
PID 2632 wrote to memory of 2508	2632	Unicorn-30282.exe	34
PID 2632 wrote to memory of 2508	2632	Unicorn-30282.exe	34
PID 2488 wrote to memory of 1808	2488	Unicorn-31923.exe	35
PID 2488 wrote to memory of 1808	2488	Unicorn-31923.exe	35
PID 2488 wrote to memory of 1808	2488	Unicorn-31923.exe	35
PID 2488 wrote to memory of 1808	2488	Unicorn-31923.exe	35
PID 1680 wrote to memory of 648	1680	Unicorn-14232.exe	36
PID 1680 wrote to memory of 648	1680	Unicorn-14232.exe	36
PID 1680 wrote to memory of 648	1680	Unicorn-14232.exe	36
PID 1680 wrote to memory of 648	1680	Unicorn-14232.exe	36
PID 2616 wrote to memory of 1504	2616	Unicorn-50148.exe	37
PID 2616 wrote to memory of 1504	2616	Unicorn-50148.exe	37
PID 2616 wrote to memory of 1504	2616	Unicorn-50148.exe	37
PID 2616 wrote to memory of 1504	2616	Unicorn-50148.exe	37
PID 2632 wrote to memory of 2144	2632	Unicorn-30282.exe	38
PID 2632 wrote to memory of 2144	2632	Unicorn-30282.exe	38
PID 2632 wrote to memory of 2144	2632	Unicorn-30282.exe	38
PID 2632 wrote to memory of 2144	2632	Unicorn-30282.exe	38
PID 2448 wrote to memory of 2184	2448	Unicorn-28108.exe	39
PID 2448 wrote to memory of 2184	2448	Unicorn-28108.exe	39
PID 2448 wrote to memory of 2184	2448	Unicorn-28108.exe	39
PID 2448 wrote to memory of 2184	2448	Unicorn-28108.exe	39
PID 2632 wrote to memory of 1576	2632	Unicorn-30282.exe	40
PID 2632 wrote to memory of 1576	2632	Unicorn-30282.exe	40
PID 2632 wrote to memory of 1576	2632	Unicorn-30282.exe	40
PID 2632 wrote to memory of 1576	2632	Unicorn-30282.exe	40
PID 2616 wrote to memory of 1560	2616	Unicorn-50148.exe	41
PID 2616 wrote to memory of 1560	2616	Unicorn-50148.exe	41
PID 2616 wrote to memory of 1560	2616	Unicorn-50148.exe	41
PID 2616 wrote to memory of 1560	2616	Unicorn-50148.exe	41
PID 2508 wrote to memory of 2464	2508	Unicorn-47974.exe	42
PID 2508 wrote to memory of 2464	2508	Unicorn-47974.exe	42
PID 2508 wrote to memory of 2464	2508	Unicorn-47974.exe	42
PID 2508 wrote to memory of 2464	2508	Unicorn-47974.exe	42
PID 1504 wrote to memory of 2964	1504	Unicorn-9193.exe	43
PID 1504 wrote to memory of 2964	1504	Unicorn-9193.exe	43
PID 1504 wrote to memory of 2964	1504	Unicorn-9193.exe	43
PID 1504 wrote to memory of 2964	1504	Unicorn-9193.exe	43

C:\Users\Admin\AppData\Local\Temp\d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe
"C:\Users\Admin\AppData\Local\Temp\d7398bfdaaf374686d8857a3d3f9e08d30cc3da34d6091a49f7f0f3c19092c93.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        8⤵
        Program crash
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36520.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        9⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 240
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        9⤵
        Program crash
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45642.exe
        10⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5701.exe
        11⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        12⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        11⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        8⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        7⤵
        Program crash
        
        PID:2468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
        6⤵
        Program crash
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36852.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        9⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        10⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13897.exe
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        12⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        12⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        9⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52578.exe
        11⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8273.exe
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 236
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        9⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        8⤵
        Program crash
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        12⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        13⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        12⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        9⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61061.exe
        10⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64520.exe
        11⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
        11⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 220
        7⤵
        Program crash
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48571.exe
        11⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        12⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 216
        12⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        10⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        11⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        10⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 220
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62285.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53087.exe
        10⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        11⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
        11⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        10⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        8⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        7⤵
        Program crash
        
        PID:320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        6⤵
        Program crash
        
        PID:3056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3674.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        12⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
        13⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        14⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        14⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 220
        13⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        12⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-638.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
        11⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        12⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        13⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 216
        13⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
        12⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29637.exe
        10⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        12⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
        13⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
        13⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        12⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        9⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6815.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        11⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        12⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26117.exe
        13⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        12⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
        11⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        12⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 204
        12⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        8⤵
        Program crash
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
        11⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 220
        12⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 220
        11⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55832.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
        11⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 236
        11⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        10⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        8⤵
        Program crash
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        7⤵
        Program crash
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17382.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36700.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        12⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        13⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 204
        13⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 220
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        11⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33491.exe
        11⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        12⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
        12⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        9⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
        8⤵
        Program crash
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39712.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        10⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        11⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 220
        11⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        8⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        7⤵
        Program crash
        
        PID:2304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        6⤵
        Program crash
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20536.exe
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        12⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        13⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
        13⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        12⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47401.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
        11⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        12⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        11⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 208
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        11⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23727.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2057.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50955.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        10⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16527.exe
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 208
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        10⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
        11⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        11⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
        10⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        9⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        8⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53942.exe
        11⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
        12⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        10⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65106.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Ãnicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Ãnicorn-57432.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Ãnicorn-48571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Ãnicorn-48571.exe
        10⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Ãnicorn-8042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Ãnicorn-8042.exe
        11⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
        11⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        10⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30406.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
        9⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        10⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 204
        10⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        8⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        7⤵
        Program crash
        
        PID:3904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        6⤵
        Program crash
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        5⤵
        Program crash
        
        PID:1916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17892.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39328.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        11⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        12⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28628.exe
        13⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        14⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 236
        14⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        13⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
        12⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        11⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29989.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
        12⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        9⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        8⤵
        Program crash
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        10⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        11⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        12⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        11⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3610.exe
        12⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 220
        11⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        8⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        7⤵
        Program crash
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2597.exe
        11⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 236
        12⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        11⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54944.exe
        10⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
        11⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
        12⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        11⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        10⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        8⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12892.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16886.exe
        10⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 212
        11⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        7⤵
        Program crash
        
        PID:2188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        6⤵
        Program crash
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32758.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32832.exe
        12⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 208
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        12⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43273.exe
        11⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
        12⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
        12⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        10⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        11⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        12⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
        12⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
        11⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31852.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        9⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65312.exe
        10⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35331.exe
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        10⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        9⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        8⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        7⤵
        Program crash
        
        PID:2880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
        6⤵
        Program crash
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63369.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17766.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40288.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52007.exe
        10⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
        12⤵
        
        PID:1904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
        11⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 220
        10⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51182.exe
        9⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        10⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        11⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
        11⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        10⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        9⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        8⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        7⤵
        Program crash
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
        6⤵
        Program crash
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18029.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        10⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        11⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        10⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        10⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        8⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
        7⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39904.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
        10⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
        11⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        11⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        10⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        9⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33534.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        9⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        10⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 216
        10⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        9⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 220
        8⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 216
        7⤵
        
        PID:4784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        6⤵
        Program crash
        
        PID:2336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        5⤵
        Program crash
        
        PID:2240
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46567.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53638.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
        12⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
        13⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        13⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        12⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        10⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        12⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        12⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        11⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        12⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
        13⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 220
        12⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        9⤵
        Program crash
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60197.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50914.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30356.exe
        11⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        12⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        11⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        8⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46541.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        11⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 220
        12⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34156.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        10⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4308.exe
        11⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
        12⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 220
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19238.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        11⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 204
        12⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        8⤵
        Program crash
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 220
        7⤵
        Program crash
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
        7⤵
        Program crash
        
        PID:2140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
        6⤵
        Program crash
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50744.exe
        7⤵
        Executes dropped EXE
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54368.exe
        11⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        12⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 204
        12⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14264.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        9⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45750.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35803.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        11⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        12⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        11⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 236
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        8⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27059.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52339.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        11⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 220
        12⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        11⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        10⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 220
        10⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        9⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16142.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32064.exe
        11⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
        12⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        11⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58941.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50497.exe
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        10⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        10⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        9⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35811.exe
        9⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28473.exe
        10⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37936.exe
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 220
        10⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        9⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        8⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        6⤵
        Program crash
        
        PID:1748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        5⤵
        Program crash
        
        PID:2328
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39462.exe
        12⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        11⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        11⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        11⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 220
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61393.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
        11⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40851.exe
        12⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 204
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        10⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        8⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49478.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        10⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40680.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28048.exe
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        10⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 204
        10⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        9⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        6⤵
        Program crash
        
        PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        9⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49967.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 236
        11⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        10⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2990.exe
        8⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        9⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59542.exe
        10⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
        10⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
        9⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        8⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        7⤵
        
        PID:5640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        6⤵
        Program crash
        
        PID:2764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        5⤵
        Program crash
        
        PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64003.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20888.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60486.exe
        11⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
        12⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        10⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 204
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        10⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        9⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45866.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        9⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
        10⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        11⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
        10⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        9⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        8⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
        7⤵
        Program crash
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
        7⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 240
        8⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        7⤵
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        6⤵
        Program crash
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49552.exe
        10⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        11⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        10⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62994.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
        8⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11560.exe
        9⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        10⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        9⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        8⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20504.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        8⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        9⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        10⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        9⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        8⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        7⤵
        
        PID:6140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        6⤵
        Program crash
        
        PID:3384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
        5⤵
        Program crash
        
        PID:1280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
      4⤵
      Program crash
      PID:2824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
  2⤵
  - Program crash
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe

Filesize
184KB

MD5
769a01b1b27f3ef2c7c8dff3216fccbb

SHA1
ec45ab43dca4d73d46d8a5b145f8932938638804

SHA256
a4bc08bd6f89086196d7af41dc0284d157d2bf5b570d7634bf412de60dbfb904

SHA512
16f4dca706b006ae3aaafbecffeae50fef20297f6fdd49f7204100a90d62ec1a5061a24a355a3daec462b5a148dc0e0d45feda6b122d63478afde8151c7d9008

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe

Filesize
184KB

MD5
5f11aad0b8f0967038121283a52cad63

SHA1
b68af30ac38a244f5470ae7ece925ec1f0967326

SHA256
a372a1812154f7dfd4b1998c1f795477a2729f59cc586b9b6e4a0b65764fcf2b

SHA512
5f4de81b3e48b2725cc116017bb0eeb13882a62a24096a570e6c9f87d82a75f3f4120d288d3198aef47af0fa392ff88e1b3c29ec35706da2345f94d052c51433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe

Filesize
184KB

MD5
32caa20e4c5446634c770aef28566cdc

SHA1
85fd2fb6a2d82e057c61fd2438d37aff6c470a01

SHA256
0d5edbd1452025b7e89a2d27331603f0778b6ce84182d7bb957621e10b0f2d3d

SHA512
a2731258eded92d7a59438d70db50ae221adb25d2216530cf01f3842d3a45e1ef406ac5731938719152f3d9ce55a458c40003e387650a5bd80a621b5097b2bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe

Filesize
184KB

MD5
106c64889f755e3236ebfb8e91a75f57

SHA1
47c8f872f425e804e6d6044f9a20d72e141c7569

SHA256
891bb34811db06c09fc4dc2c38b40bfd638fa481ceb8499440920c0c44f2fdb6

SHA512
06b794a0939f1922a79b6a3b4a20fee19ee6a3792a105bbfb71a23c3f60a780977e0aa6e570736816ecff710f71b2f477fc485d48fa0144cad67798f22ccd057

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe

Filesize
184KB

MD5
644a5f6ca5fe270929d60ca5ece80058

SHA1
9c470d6c2935c1537e6e40162784ac5351d9d432

SHA256
56bb0fbdeb85d3f4cc621b3fff2917f4001d7a25958184839611c2aaef3f6242

SHA512
bf46bd82f23cbcc9f953280a937e47e6e891f8d3b4978fafa93de81ca0ff6f5d8bbe7f28d42cbe9772d67a5728a5e8f2b45afd87f9dfe98ba52539e3bead6754

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe

Filesize
184KB

MD5
a34c3f3f720cb095607b271526578a7f

SHA1
6ddc771962876429dfd15edc96328540423c8bf2

SHA256
686fb76aa099bb4416f4aa336e463febc76c669e001b0c0286faf9b8bbef7be0

SHA512
6c5b906d9d7bcae67ff276214dd8a997d309fa0425954c65fe5af3ea405dc7b2ad45465938d55c2dee5be9869132fe4afd51c9315c3f1d982a6458d130225a87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe

Filesize
184KB

MD5
fbc3bdb633fab73b8b10198aea8a26db

SHA1
4259c56809beb878f33e0f05925a043cdb838ec0

SHA256
476ae9c3262f0953a048d2d42851a2ec06a9266924fded4498bb4f154a352fc6

SHA512
55f365d0d34a1b8a0e4f8f94370e62452065e84d93ab91b666d1d56e27667551e50fad9a27e839fe1e3a6d3d2bf8ca36917e5785be9eb39c30cd4db7ec5794b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe

Filesize
184KB

MD5
414542551346b2ac941899633e138e1a

SHA1
086a2461e81a2d90e976929bc60b2b8d1c504825

SHA256
c35618dff36187f218a3e5ed2ccd0f957944c7d396950400ecb1f3ce938be98b

SHA512
d2760728456bda40eee323f418f29ecc9b9caa52d00fad12e658f0a1fe60352abc1be08fbdc1d618663501ff0fd106e03b94d31a5a001ae804274230eff3267a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe

Filesize
184KB

MD5
bc16cc7230f99d3132a014ef8a0ae5f6

SHA1
b2d554170f2cd63ac473b3d91c5ab0b84f46487f

SHA256
4efb1dff52a57ffbb7c0f15e76d631252a221a53045e546e479afa08d8fb4f41

SHA512
80954cdb50137ebd9013f673b987df9a52d933f7e1708d6b1d62314d7755afe08eadfb303f1927873152b8ce3523808326a12ea6a2154dd5538c1e1e12479a1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29059.exe

Filesize
184KB

MD5
f0d190b1aad87aa23dd4868b4ed340f5

SHA1
ecfd54f7dc0eca60770dc5b3b57dcd7d04b02b97

SHA256
2ee92edd5fd4c44f3796e62e9e2637b79efe271893e587b1570188711b7a9c9d

SHA512
88d2e49ac7a89dad8d712d47c902ffa939a2dfb8bc3aebf7d8ad4e72d4a4c26a50872fdd837d24b87910b3fd7425a30f99c2a3c12eacc489b16bd4075d444b94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe

Filesize
184KB

MD5
0dfdba48e03f55f121b8f7a37567a0b2

SHA1
2f02318f41f4193d9f94fbca41e81f7d8a1073b8

SHA256
214ea57945a53051b17070f44dd5e216077f66c6e317d0ce97646bb5b6b9465f

SHA512
038e181a99921bf773ce65b36cc180847ee826d2f024588facfb07dedc6ad1c494e3c8097e02ace70fbda20154bf17757961a042e1054b7073936cebae07c7af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe

Filesize
184KB

MD5
3b38a5972ce8c9a1d9fed19b3860ffe2

SHA1
785162b98298d94e8538636d06ba368a0075223a

SHA256
2eea8f4f04ced0d29ba8682190351947d162d7e1d4902ab7b1c69715af11002c

SHA512
dcb56caa8808f10d16eb235330b353032ed1fd6dd581034bce0e620d193c9a1f68d3363b802d75749d088874377c9360990ae797d36b93e326f4386f0019b23c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe

Filesize
184KB

MD5
cfc18c8c3fa6ab1662a76aa0eb31cb84

SHA1
f96cff6bc3ea8108df426f8a5dab2f9f30802e5a

SHA256
4dc2cba0ca7d81a594e9d95d81828ea2352b0f30bdd003b1a097c78e47722d4a

SHA512
6a8c97a60ade432325126849e7fb2828c7bbee0b7d053c702604ff32e12b03cb94140046a702c4ea8a27faa3791a9eef5304bab4e24f29d48f26e88382093f50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe

Filesize
184KB

MD5
8790c82264364644df585ff9aea80403

SHA1
3c4a6e96d003f6199455d30d709ed7d28ad91604

SHA256
0375e12cf648b6717a83cffb332565d182f90e758bcbb06432f9058a83e18aef

SHA512
3872d5947d7b29e4c0adefd4bc043a1f996c9215e3092898d1141cb54dffd3fce7f2ed5d1ba427dae003b2733ca9936dfec2942ebe9b00c9f2fde8bd483dd25d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe

Filesize
184KB

MD5
e9719ae327818a3d612652acb8991aff

SHA1
136f077ffce3c91b6b965c899029052ece0f02d7

SHA256
bacba92cbb97bd8e2efb570dfcc655c79c73623ebdd69de659711d252f8d377f

SHA512
4da381a2b43e7612a8b2fb36e128f11de6418b14dd205ce49e78fcc39d4d251384cafdf920d7e6945e2961af74a18d59725927aeedb00b73f1585392960a962f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe

Filesize
184KB

MD5
20aaf081c91c951e981423c0dec6d8e2

SHA1
35900b10602b37ded1cb059bff6bd084680f04a0

SHA256
c9e32a5e331db02ff888e71d9c2fe2ddf92a3f2cdbe33ec6cf055814579a4686

SHA512
76ac9067708c7a4d9566afcf86d5b925c11a5836054333e2dbf392e9a541a9a58e0d54d806951dccb792849e2888768dcb6830fc382d7213d6d9963b57006ae0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads