fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
Size

184KB
MD5

0678ed38ab53c95dee4b4ad12d65e72e
SHA1

50f73b5cedf54a5b4b019daa08964fa224e62c83
SHA256

fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0
SHA512

cf908423258677b5c7fd6c2731830e939cfb49c311aadcca6c0a5f94117bbc937b2174d967db01a369112026a79c55edac32e5df48b2c05b89052b7a61be188b
SSDEEP

3072:QJX3DxoTUJD+jM3KenwLJKK5hlnViFYn3:QJ1oKUM3WLAK5hlnViFY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2100	Unicorn-22068.exe
2948	Unicorn-1842.exe
2440	Unicorn-48583.exe
2752	Unicorn-30182.exe
2636	Unicorn-62278.exe
2748	Unicorn-39397.exe
1012	Unicorn-59362.exe
1516	Unicorn-5755.exe
2788	Unicorn-8708.exe
1656	Unicorn-38043.exe
1608	Unicorn-41573.exe
1324	Unicorn-45600.exe
2960	Unicorn-42262.exe
2464	Unicorn-3327.exe
2868	Unicorn-19856.exe
536	Unicorn-35616.exe
2452	Unicorn-32086.exe
1624	Unicorn-1874.exe
1092	Unicorn-47546.exe
3040	Unicorn-60639.exe
1032	Unicorn-24437.exe
348	Unicorn-27967.exe
568	Unicorn-43919.exe
1748	Unicorn-7717.exe
780	Unicorn-63078.exe
2900	Unicorn-40197.exe
2312	Unicorn-29638.exe
980	Unicorn-62502.exe
2196	Unicorn-26300.exe
1736	Unicorn-46166.exe
2684	Unicorn-60258.exe
2284	Unicorn-43922.exe
2328	Unicorn-24056.exe
2588	Unicorn-56921.exe
2744	Unicorn-27010.exe
2516	Unicorn-38939.exe
2564	Unicorn-43538.exe
2552	Unicorn-10865.exe
1552	Unicorn-22027.exe
2740	Unicorn-44581.exe
2400	Unicorn-28245.exe
1296	Unicorn-41435.exe
2224	Unicorn-60725.exe
2176	Unicorn-24523.exe
2180	Unicorn-28053.exe
1244	Unicorn-57388.exe
2596	Unicorn-11716.exe
2344	Unicorn-23947.exe
808	Unicorn-28742.exe
2880	Unicorn-54384.exe
560	Unicorn-37171.exe
2072	Unicorn-38240.exe
2840	Unicorn-33065.exe
1756	Unicorn-53123.exe
3012	Unicorn-37856.exe
2096	Unicorn-37856.exe
1188	Unicorn-37856.exe
1564	Unicorn-32681.exe
2336	Unicorn-49210.exe
3052	Unicorn-3538.exe
2700	Unicorn-49210.exe
2852	Unicorn-52739.exe
2800	Unicorn-36403.exe
2496	Unicorn-32297.exe

Loads dropped DLL 64 IoCs

pid	Process
848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
2100	Unicorn-22068.exe
2100	Unicorn-22068.exe
848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
2440	Unicorn-48583.exe
2440	Unicorn-48583.exe
2948	Unicorn-1842.exe
2948	Unicorn-1842.exe
2100	Unicorn-22068.exe
2100	Unicorn-22068.exe
2932	WerFault.exe
2932	WerFault.exe
2932	WerFault.exe
2932	WerFault.exe
2932	WerFault.exe
2752	Unicorn-30182.exe
2752	Unicorn-30182.exe
2440	Unicorn-48583.exe
2440	Unicorn-48583.exe
2636	Unicorn-62278.exe
2636	Unicorn-62278.exe
2948	Unicorn-1842.exe
2748	Unicorn-39397.exe
2948	Unicorn-1842.exe
2748	Unicorn-39397.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2436	WerFault.exe
2256	WerFault.exe
1012	Unicorn-59362.exe
1012	Unicorn-59362.exe
2752	Unicorn-30182.exe
2752	Unicorn-30182.exe
1516	Unicorn-5755.exe
1516	Unicorn-5755.exe
2788	Unicorn-8708.exe
2788	Unicorn-8708.exe
2636	Unicorn-62278.exe
1608	Unicorn-41573.exe
2636	Unicorn-62278.exe
1608	Unicorn-41573.exe
2748	Unicorn-39397.exe
1656	Unicorn-38043.exe
2748	Unicorn-39397.exe
1656	Unicorn-38043.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
1140	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2692	848	WerFault.exe	27
2932	2100	WerFault.exe	28
2436	2440	WerFault.exe	30
2256	2948	WerFault.exe	29
2456	2752	WerFault.exe	32
2372	2636	WerFault.exe	33
1140	2748	WerFault.exe	34
1592	1012	WerFault.exe	36
2000	1516	WerFault.exe	37
2212	2788	WerFault.exe	38
1956	1608	WerFault.exe	40
2776	1656	WerFault.exe	39
1964	1324	WerFault.exe	43
1252	2960	WerFault.exe	44
1108	2868	WerFault.exe	46
596	2464	WerFault.exe	45
636	536	WerFault.exe	48
1500	1092	WerFault.exe	49
3048	1624	WerFault.exe	50
1544	2452	WerFault.exe	47
1688	1564	WerFault.exe	105
820	1032	WerFault.exe	55
908	348	WerFault.exe	56
2052	1748	WerFault.exe	58
1972	568	WerFault.exe	57
1388	780	WerFault.exe	59
1560	2900	WerFault.exe	60
1696	980	WerFault.exe	62
1828	1736	WerFault.exe	64
2996	2312	WerFault.exe	61
1692	1620	WerFault.exe	136
2560	2588	WerFault.exe	73
1600	2684	WerFault.exe	70
864	2328	WerFault.exe	71
3096	2176	WerFault.exe	83
3112	2596	WerFault.exe	86
3176	1552	WerFault.exe	78
3564	2224	WerFault.exe	82
3584	2552	WerFault.exe	77
3608	2284	WerFault.exe	72
3672	1296	WerFault.exe	81
3680	2516	WerFault.exe	75
3728	2180	WerFault.exe	84
3772	2744	WerFault.exe	74
3780	2740	WerFault.exe	79
4068	2344	WerFault.exe	87
3104	808	WerFault.exe	96
3188	1188	WerFault.exe	103
3240	3040	WerFault.exe	54
3260	1756	WerFault.exe	101
3316	832	WerFault.exe	116
3400	2620	WerFault.exe	113
3472	804	WerFault.exe	115
3496	1420	WerFault.exe	119
3688	2880	WerFault.exe	97
3736	3052	WerFault.exe	106
3852	2540	WerFault.exe	133
3912	2928	WerFault.exe	134
3936	1520	WerFault.exe	135
3384	2072	WerFault.exe	99
3632	2840	WerFault.exe	100
3656	2496	WerFault.exe	111
3884	2376	WerFault.exe	122
3980	316	WerFault.exe	143

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
2100	Unicorn-22068.exe
2440	Unicorn-48583.exe
2948	Unicorn-1842.exe
2752	Unicorn-30182.exe
2636	Unicorn-62278.exe
2748	Unicorn-39397.exe
1012	Unicorn-59362.exe
1516	Unicorn-5755.exe
2788	Unicorn-8708.exe
1608	Unicorn-41573.exe
1656	Unicorn-38043.exe
1324	Unicorn-45600.exe
2960	Unicorn-42262.exe
2464	Unicorn-3327.exe
2868	Unicorn-19856.exe
536	Unicorn-35616.exe
1624	Unicorn-1874.exe
1092	Unicorn-47546.exe
2452	Unicorn-32086.exe
3040	Unicorn-60639.exe
1032	Unicorn-24437.exe
348	Unicorn-27967.exe
1748	Unicorn-7717.exe
568	Unicorn-43919.exe
780	Unicorn-63078.exe
2900	Unicorn-40197.exe
2312	Unicorn-29638.exe
980	Unicorn-62502.exe
1736	Unicorn-46166.exe
2196	Unicorn-26300.exe
2684	Unicorn-60258.exe
2284	Unicorn-43922.exe
2328	Unicorn-24056.exe
2744	Unicorn-27010.exe
2588	Unicorn-56921.exe
2564	Unicorn-43538.exe
2516	Unicorn-38939.exe
2552	Unicorn-10865.exe
1552	Unicorn-22027.exe
2740	Unicorn-44581.exe
2400	Unicorn-28245.exe
1296	Unicorn-41435.exe
2224	Unicorn-60725.exe
2180	Unicorn-28053.exe
2176	Unicorn-24523.exe
2596	Unicorn-11716.exe
1244	Unicorn-57388.exe
2344	Unicorn-23947.exe
808	Unicorn-28742.exe
2880	Unicorn-54384.exe
560	Unicorn-37171.exe
2072	Unicorn-38240.exe
2840	Unicorn-33065.exe
3012	Unicorn-37856.exe
1756	Unicorn-53123.exe
1188	Unicorn-37856.exe
1564	Unicorn-32681.exe
3052	Unicorn-3538.exe
2852	Unicorn-52739.exe
2800	Unicorn-36403.exe
2700	Unicorn-49210.exe
2576	Unicorn-32297.exe
2496	Unicorn-32297.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 2100	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	28
PID 848 wrote to memory of 2100	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	28
PID 848 wrote to memory of 2100	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	28
PID 848 wrote to memory of 2100	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	28
PID 2100 wrote to memory of 2948	2100	Unicorn-22068.exe	29
PID 2100 wrote to memory of 2948	2100	Unicorn-22068.exe	29
PID 2100 wrote to memory of 2948	2100	Unicorn-22068.exe	29
PID 2100 wrote to memory of 2948	2100	Unicorn-22068.exe	29
PID 848 wrote to memory of 2440	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	30
PID 848 wrote to memory of 2440	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	30
PID 848 wrote to memory of 2440	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	30
PID 848 wrote to memory of 2440	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	30
PID 848 wrote to memory of 2692	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	31
PID 848 wrote to memory of 2692	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	31
PID 848 wrote to memory of 2692	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	31
PID 848 wrote to memory of 2692	848	fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe	31
PID 2440 wrote to memory of 2752	2440	Unicorn-48583.exe	32
PID 2440 wrote to memory of 2752	2440	Unicorn-48583.exe	32
PID 2440 wrote to memory of 2752	2440	Unicorn-48583.exe	32
PID 2440 wrote to memory of 2752	2440	Unicorn-48583.exe	32
PID 2948 wrote to memory of 2636	2948	Unicorn-1842.exe	33
PID 2948 wrote to memory of 2636	2948	Unicorn-1842.exe	33
PID 2948 wrote to memory of 2636	2948	Unicorn-1842.exe	33
PID 2948 wrote to memory of 2636	2948	Unicorn-1842.exe	33
PID 2100 wrote to memory of 2748	2100	Unicorn-22068.exe	34
PID 2100 wrote to memory of 2748	2100	Unicorn-22068.exe	34
PID 2100 wrote to memory of 2748	2100	Unicorn-22068.exe	34
PID 2100 wrote to memory of 2748	2100	Unicorn-22068.exe	34
PID 2100 wrote to memory of 2932	2100	Unicorn-22068.exe	35
PID 2100 wrote to memory of 2932	2100	Unicorn-22068.exe	35
PID 2100 wrote to memory of 2932	2100	Unicorn-22068.exe	35
PID 2100 wrote to memory of 2932	2100	Unicorn-22068.exe	35
PID 2752 wrote to memory of 1012	2752	Unicorn-30182.exe	36
PID 2752 wrote to memory of 1012	2752	Unicorn-30182.exe	36
PID 2752 wrote to memory of 1012	2752	Unicorn-30182.exe	36
PID 2752 wrote to memory of 1012	2752	Unicorn-30182.exe	36
PID 2440 wrote to memory of 1516	2440	Unicorn-48583.exe	37
PID 2440 wrote to memory of 1516	2440	Unicorn-48583.exe	37
PID 2440 wrote to memory of 1516	2440	Unicorn-48583.exe	37
PID 2440 wrote to memory of 1516	2440	Unicorn-48583.exe	37
PID 2636 wrote to memory of 2788	2636	Unicorn-62278.exe	38
PID 2636 wrote to memory of 2788	2636	Unicorn-62278.exe	38
PID 2636 wrote to memory of 2788	2636	Unicorn-62278.exe	38
PID 2636 wrote to memory of 2788	2636	Unicorn-62278.exe	38
PID 2948 wrote to memory of 1656	2948	Unicorn-1842.exe	39
PID 2948 wrote to memory of 1656	2948	Unicorn-1842.exe	39
PID 2948 wrote to memory of 1656	2948	Unicorn-1842.exe	39
PID 2948 wrote to memory of 1656	2948	Unicorn-1842.exe	39
PID 2748 wrote to memory of 1608	2748	Unicorn-39397.exe	40
PID 2748 wrote to memory of 1608	2748	Unicorn-39397.exe	40
PID 2748 wrote to memory of 1608	2748	Unicorn-39397.exe	40
PID 2748 wrote to memory of 1608	2748	Unicorn-39397.exe	40
PID 2440 wrote to memory of 2436	2440	Unicorn-48583.exe	41
PID 2440 wrote to memory of 2436	2440	Unicorn-48583.exe	41
PID 2440 wrote to memory of 2436	2440	Unicorn-48583.exe	41
PID 2440 wrote to memory of 2436	2440	Unicorn-48583.exe	41
PID 2948 wrote to memory of 2256	2948	Unicorn-1842.exe	42
PID 2948 wrote to memory of 2256	2948	Unicorn-1842.exe	42
PID 2948 wrote to memory of 2256	2948	Unicorn-1842.exe	42
PID 2948 wrote to memory of 2256	2948	Unicorn-1842.exe	42
PID 1012 wrote to memory of 1324	1012	Unicorn-59362.exe	43
PID 1012 wrote to memory of 1324	1012	Unicorn-59362.exe	43
PID 1012 wrote to memory of 1324	1012	Unicorn-59362.exe	43
PID 1012 wrote to memory of 1324	1012	Unicorn-59362.exe	43

C:\Users\Admin\AppData\Local\Temp\fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe
"C:\Users\Admin\AppData\Local\Temp\fc991f5384b92613b5401e0f77036c63cf677aad48a92f13aa2e399438dd2fb0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        9⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 200
        10⤵
        Program crash
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        9⤵
        Program crash
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        8⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        11⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        12⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        12⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
        9⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        Program crash
        
        PID:864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        7⤵
        Program crash
        
        PID:1108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        6⤵
        Program crash
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3346.exe
        8⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34779.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22379.exe
        11⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        12⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        13⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        13⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 236
        12⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        11⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        10⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        9⤵
        Program crash
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4960.exe
        11⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
        12⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 236
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        11⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 220
        10⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
        8⤵
        Program crash
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36123.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
        11⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 236
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        10⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        9⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        8⤵
        Program crash
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
        7⤵
        Program crash
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        7⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17696.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        11⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        12⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 236
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62106.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20139.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42749.exe
        12⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
        10⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        10⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52873.exe
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        11⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 236
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 220
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52224.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        10⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        11⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
        10⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 220
        7⤵
        
        PID:4216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        6⤵
        Program crash
        
        PID:1544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55043.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56668.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        11⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
        12⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        13⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        14⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
        14⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        13⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        12⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        10⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
        9⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17601.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        12⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        13⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        14⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        14⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 236
        13⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 236
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 236
        11⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        10⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        9⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        8⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51608.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58360.exe
        10⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        11⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        12⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        11⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 216
        8⤵
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        7⤵
        Program crash
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        11⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        12⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        13⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
        12⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 236
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        11⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        11⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 236
        10⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        9⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        8⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        7⤵
        Program crash
        
        PID:3096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        11⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        12⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        10⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        8⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25515.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30546.exe
        10⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        10⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
        7⤵
        Program crash
        
        PID:3104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        5⤵
        Program crash
        
        PID:2776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63078.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35355.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        10⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
        12⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        13⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        13⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        11⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35785.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2850.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
        12⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        13⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61325.exe
        14⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 236
        14⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
        13⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        11⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
        10⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44351.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        12⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        13⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        12⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        9⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        8⤵
        Program crash
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        7⤵
        Program crash
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19491.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        11⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
        12⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 236
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
        11⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 216
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
        9⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        10⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        11⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        10⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        8⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        7⤵
        Program crash
        
        PID:3672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
        6⤵
        Program crash
        
        PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
        12⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        11⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46626.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        11⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 236
        11⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        9⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25108.exe
        10⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        10⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
        9⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 220
        8⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55147.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
        11⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        11⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
        10⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        9⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        8⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        
        PID:4300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        6⤵
        Program crash
        
        PID:1560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        5⤵
        Program crash
        
        PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47546.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60103.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        12⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        12⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63916.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
        10⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 236
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        10⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        11⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48556.exe
        12⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        13⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 236
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
        12⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
        8⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55502.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        11⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 236
        10⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        9⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        10⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        11⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        10⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        9⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 220
        6⤵
        Program crash
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23947.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17483.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41342.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        10⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 236
        11⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        10⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
        8⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        7⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-568.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40646.exe
        9⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        10⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 236
        9⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        9⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        9⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        8⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        7⤵
        
        PID:5704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        6⤵
        Program crash
        
        PID:4068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        5⤵
        Program crash
        
        PID:1500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        11⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        12⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53595.exe
        13⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        14⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 236
        14⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        13⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        12⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        11⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        10⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        9⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
        11⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        12⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
        13⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 236
        13⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 236
        12⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe
        12⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 236
        12⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
        11⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 220
        10⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        9⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        8⤵
        Program crash
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        Program crash
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        Program crash
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62879.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
        12⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
        13⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 236
        13⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        12⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        11⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        10⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
        9⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
        12⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
        13⤵
        
        PID:2076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 236
        13⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        12⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57387.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
        11⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 216
        12⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        11⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 220
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        8⤵
        Program crash
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9573.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        11⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
        9⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        8⤵
        Program crash
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:2560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        6⤵
        Program crash
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37171.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
        11⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
        11⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44006.exe
        11⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        12⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 236
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
        10⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        7⤵
        Program crash
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5069.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44388.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19131.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        10⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        10⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        9⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        8⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        7⤵
        Program crash
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
        6⤵
        Program crash
        
        PID:820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        5⤵
        Program crash
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62205.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
        11⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25754.exe
        12⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        12⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        8⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        10⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24217.exe
        11⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 220
        12⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        11⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19131.exe
        9⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        10⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        10⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        9⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
        8⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        10⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        11⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31078.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11331.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        9⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        10⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        10⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        9⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        8⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
        6⤵
        Program crash
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35827.exe
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24380.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        10⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56930.exe
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 236
        11⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        10⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        8⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        7⤵
        Program crash
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45156.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
        10⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        11⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        10⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60421.exe
        9⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        10⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 236
        10⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        9⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        8⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 220
        7⤵
        
        PID:5788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        6⤵
        Program crash
        
        PID:3680
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        5⤵
        Program crash
        
        PID:1252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50707.exe
        11⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        12⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        13⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
        13⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
        12⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        11⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
        12⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        11⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 220
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
        8⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49658.exe
        10⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        11⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        10⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
        8⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
        7⤵
        Program crash
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
        10⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        11⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 236
        11⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 236
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        9⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        8⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
        7⤵
        
        PID:4136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        6⤵
        Program crash
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
        11⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        12⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        13⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 236
        12⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 236
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30354.exe
        10⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        11⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        11⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        10⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        8⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64991.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50944.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38704.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
        9⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27615.exe
        10⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        10⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
        9⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        8⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        7⤵
        
        PID:5096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        6⤵
        Program crash
        
        PID:3176
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        5⤵
        Program crash
        
        PID:596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        6⤵
        Executes dropped EXE
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        10⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        11⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        10⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        9⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        7⤵
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
        8⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        9⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        9⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        8⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
        7⤵
        
        PID:5912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
        6⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49210.exe
        5⤵
        Executes dropped EXE
        
        PID:2336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        5⤵
        Program crash
        
        PID:2052
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
      4⤵
      Program crash
      PID:2000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
  2⤵
  - Program crash
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22100.exe

Filesize
184KB

MD5
4e9a49de340a9c6df974e1f410d1d1fe

SHA1
f29bf15aeacd64b3f5a991ffb0fd0fd66a39a6fe

SHA256
59c276a9b451d9e90534383afa69836d1f2171112158e093aa4a3d88de02e247

SHA512
18a6684b3c38e84c4638f77a631323ab0005659e9e96decccf348c13aa6ae50d8e042eaec6550477b0aa088290d534dc27a0abef04898a53060f7ce6addae462

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe

Filesize
184KB

MD5
258252f384f048059affc62eb496ec1a

SHA1
9049a914dd03e6122b4bd210cac5376ea13b53e8

SHA256
7966ee10c0b38a64762ba397794af1f7ca4ae8f00a39d08ea171fa36c4450473

SHA512
3ad585ab212a68ee29034a727333c2d224898f44ac9b2a8af1b9a5cb93cec94d247c599c1af798826bb7dae9614141f923358983a4791274957fcf488a3d62e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe

Filesize
184KB

MD5
c66cc0de686322d7554c9b57a2cf0a4d

SHA1
3dd9068bf1f76a87d36136689b2ed472a9a15e20

SHA256
7c53cc01ffff5cfa7d399a610a896a8b229aaab07f2e577c96f31f98ddfe0e67

SHA512
1e20ac3cb29f2eba73bd338d46d8a9378e9788b5788ab51f413d8bf2083371d99336e3309ae5c6486f27f6df987ef2ec5b624cc782ae69026e682d9fa5bb7c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe

Filesize
184KB

MD5
5c3c85177f989b8e0eccbb4508dd85f3

SHA1
8eea81c8391e11f9c733d8b9a1500436ba136039

SHA256
2503dcce6c35e1272e4e1d0f9fe0d8c22023046dce08b7326c77882e13f279de

SHA512
dd79e5d9b5b9bc2c73462136bce950fb5e44a132ea036d7a34d849e491872035df63afd5ccd99ea7431243ae08769c1c040ed5016a1602f83fe653d69deb57df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe

Filesize
184KB

MD5
9ef6b3596e7f80feb43e0d2911bc17bb

SHA1
1a43c4b3cfc91c6ba747295a67dbe97b751f88dc

SHA256
454a7e40141a3a7c45b50647b05060933fe47f4b28709bbf55d98f6ffbebd15b

SHA512
7d5e12f0973cd9efba1290df3d31ab6307cbfa606da4627dcd0fe4aceac8cc7895b17c1b3936f3eed6ac64fb88a033f18b3b5694791e98ad9dc1da0afcce6de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe

Filesize
184KB

MD5
b3d97f6ce51e8bde7af9e334976ccff4

SHA1
3c442b162e29ab7c1a4c82bb5cc5241c31545cdf

SHA256
01e2db28c80a4ce15aaebff79037eaebce563eb3b1e30c111632a14c1bd362c0

SHA512
c4d4a064bcd27be93cbb767c0e29a851803357d5e7629eb7ad42457624efb036f17df66fd68a29a38b6568d30b9b1de3e83ea2f145a851d00e4e9d1d9980aef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe

Filesize
184KB

MD5
b79efdc958c47bc212c164cd524ff289

SHA1
73b14d244f716d22bbc0897e4961447b5d78597f

SHA256
7135d12631290de7c4e51a723b24ab28a203c97059f9f63b547daebd65e04936

SHA512
99cb10eb3d2eeec4d80fede612431dd8e13123b95044bf50b3067cfde887a93c0d7fd3cd2511eb0c0bfb09fab4bf19de9b4893614b7e5c23e9f53c9aec59d4c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe

Filesize
184KB

MD5
a6b1f9cff32fdf5b56726e1e8d0e53f8

SHA1
273ccb7062f0558687e8886b6f2591fa021739e2

SHA256
8e28821c02f56cfb22a1d54b9e6e2dc8b5eb718e56707eb6774de76f61cdea7f

SHA512
daaad555dbfd231f04c63299fe63682710d4b41ba17c352b497060da6ee59936fde3bd82b184813d167106387cb4bc2e00b61824f82a852be6e41b320957bf37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40941.exe

Filesize
184KB

MD5
dec73313f4486621342c677f5c60ba32

SHA1
75b16dafbac13187615901e1253b9250556e0d83

SHA256
ed53b29e68aaf9a27ebea3ed778521f17b21f73259d537df8598bf5043b15b1f

SHA512
954c7c9ca240c8f3451884cb64d017be1f80cbde489a5aee48a48c87d3fcc44fae1a25c387a42b9a12c03af54688ca82197a6a4cc58dfada8c027ceaf3f0abf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe

Filesize
184KB

MD5
5129036578834411c3d5a68b774fa9af

SHA1
e39c00e65fba7afd563819906ec83a577537c7b7

SHA256
d60fafca52bfd3c4cda1db1565b05aade0644b34752ffc4a3d422e0546987798

SHA512
2b8bdeaf9c9cab0c68eb622d556ec2f173d26bd2ee1b736e3a80912072691681ebc962fc8d8d165a2cd7ffd9fb4fe58e362ff61cdd4b897f86ca03b45e7759fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe

Filesize
184KB

MD5
491a1c094967ee08784257377770eb39

SHA1
41684be110827d30b0287a81669fc76e13950509

SHA256
b781923139211fb48c06c3397b75c69d2589a7634f1b62b83203dbf2a9f6aac3

SHA512
8ec3301a06ee7609c2f778bc332c931c5153930a7d6b048c44df6a497a8273989106982858d796016e8c850605633d6dada668efeebc3242550de1d45d0a7c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe

Filesize
184KB

MD5
2b190efa0c92d88b3c08f298e24704ba

SHA1
fb4f35e0d4de9cd70a75f8da136ef9e53421e20c

SHA256
5d5f2f6aac4140c7e331cfac449b9e0dae4153c94f8619ac66bc0e1e3a0c4ed3

SHA512
530d75e2e2663610ffb5d362965cd93ba2e02d1ad2a8d4dfa16f86d9be7d81d6e1cf818c1987a6b53a3c39c33356cf201fe95bdedf4b4cfee159cab9a4e6e8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe

Filesize
184KB

MD5
bfa1ba8e27083466cafde29c39d471db

SHA1
c1e02cf18cf8de86c0964de522a416008c7a053f

SHA256
987965f4ac82663deaef9b75f14eed40133eb3f04d384dba12e3821924588449

SHA512
5728db1490964cbfe20a0058d939557a94d703402916941c44322d88260cd3620af66ed40524cd977a48364bde5a6ffed3222e2b1359ec3e59435ae73200323d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe

Filesize
184KB

MD5
589dd0d57f8efb73f57b65a70d33a876

SHA1
bc5774333fbb86bfb191eb719c7fb5ef8f8fdaf9

SHA256
94ccfd4ce73b6f72bc1edf0c6d4785e9702353339ae22943e8cbf9da0b475c3a

SHA512
01b359bfd2f088b5650ca0d85b033f83217bcc7d5ece31fc4d868d2fa441b149d67e05a35e6cd9fb3f412c50583681bd49a093b004957bfd467bcfd4c6d9b95b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe

Filesize
184KB

MD5
09c9bd7186e9dac7fc72a17c59303383

SHA1
ca44cb69fb38201fc72e85f119d3b4a9adcd97b1

SHA256
269ee6e26e9bae98661acd808f80230a7e5921bca91e6abe1d658a594ade77eb

SHA512
c23bbf6b4c2f065e7b27e4fdefe4f1a2362cd0e536dd44613b44a32002bd68dfa871af49b8dd1689c92503dc26b0f8320918b2e9c5efdc8ca4714fb9945a9805

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe

Filesize
184KB

MD5
953faef33142e3618f9d2f16f220fde1

SHA1
aa13cbd687a8703675660f445eae045cc844ad22

SHA256
9513c24bc7b4e6fdbc26cb8f634eb07b1cd5660bc088b34249bc634ee5c08e91

SHA512
42550de9f949b1fd8e307db3bd5b00ff5985bfe8ff70554df011e914aac45cd460ba5466f42336b6e034795a32236d05109f43611a334502d3cb80fd2ee9b519

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe

Filesize
184KB

MD5
f550aea5633ec1f23d37ed25943f91d3

SHA1
374e5a366dbd43c098f4675970533c2c2aaac85a

SHA256
2e1ad836e487aa1fab10a75c02a0eb134df083fb42508585748a881b88e82446

SHA512
7c74f2844e5250dc5893c03d918ea66db5a627865652e9010b25a2ff910823dc4482a9d414ee54c4aa4ead9a1fe981ed58d1ff21ceb1c3b95695cb2d2921c996

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe

Filesize
184KB

MD5
e0776db4c2471463b825220bdf2b10b9

SHA1
fae15a8da6917d61bb1d4f64880f5d8e4113160e

SHA256
ec4c286a89608568184443218abb6e5dc0c623a36bf442b33146df60c5c6f774

SHA512
1fdd2d557cc7e6eee51408051fb0f1c14a3fbdbe94c71fd6c4aa0295c30c84247c8aa97175402115bc25d9cef436459d3ebb18a5dd1c2965a8e89fd85f2a51bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22068.exe

Filesize
184KB

MD5
dbc616b489f2b9e15dca02c43bce4be1

SHA1
1aac6e3251a0106b5b3851aaf370fdfa8c60c4f2

SHA256
dcf5090a2b7b0a2a8a8908ed1e20075bc585304f5b388fd8326a09a0d98ec216

SHA512
67789dad1293a4d48a0de51a7a3353c717b03ee6df406210dd938b608b6338baa2a0b491151f6582673c762344a8be5b81d3d946f7229d9dbea2f2a599a08464

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe

Filesize
184KB

MD5
2fa4a32191f631a0babf197947143b45

SHA1
c6fac86e9e6ac8ac2cb7f917a6f092c4ada54c42

SHA256
c45486f01ade29e725422af1f753660a731d54c1b9a143ffac9c73dabbcf79ee

SHA512
a4a62eae66041db05676b532e327a5c826125666d6688f5f0201b295a881feadb61649cc172fd97ed82352c7f8a14a72c41ca32c0804c99bac207db1c00e90a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe

Filesize
184KB

MD5
1f93cd9e7fa45273396d36ec5e275318

SHA1
fd821c24771c3aaed4ed20d95e09515ecb0ce2f2

SHA256
0be7d0cf801e43b6035fcc911f5ad44ac6929cdbdab3971a3ab7e52c313742c7

SHA512
0bada2797192ebca494842cff8513fbeb529ff96f8c1a70ce53177191e508aed9140af97759ca27528dd5d7b8cf68b4c0066ca0726ee422c724b0c89969e9bdc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe

Filesize
184KB

MD5
67fd8aa56c0f98fea9fb778a2208de16

SHA1
ffca4a6d369905f65e8874ae7b9b1c6c15b06912

SHA256
b3b1003631bec0b9dbcb808a7f1b4b43187f56605d31bb0eb60c5f2e5230d38b

SHA512
80b8081536484da06b3c7763ca015b861ea329c146a977a1b9be721eccdebfe014c24eb35b70e8b5dd7203e47d4f49717ce388a8cf72e6cae657035979ca3f8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39397.exe

Filesize
184KB

MD5
b04c4c9bd00a53c0bccfb64ae190d5d5

SHA1
2ae0811749f95a48ab9cebeb4b073a831bbadc27

SHA256
2e68a59677e714626a30b74961877ef67c9c2d05095f7fe17290a42f7f51df50

SHA512
9606e1219e1933bef381b9761637e04a5c2efa9151641de9f17b7de37ab9d6c2786442048a484aafe99586dab4154154b5349bb7b6c1dc98ca5dc9a339072fd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41573.exe

Filesize
184KB

MD5
7741971a39c39d34de010163299b49e0

SHA1
b7c2f6a29e0e5d0fe98f95e9e2196bd82d842fca

SHA256
764ff4c4477a2dd07c2750f359ebd363d422c5f05b2f858dfbd977fa15f5e876

SHA512
30525aa4f9fd85c82d2bed5624f98c3725db037b57a65cff3cc992c3b5bc15669967c92d8022ec3d40c3cf3aafe21d8394a14d96bdab3c65a84f02e0f68f99e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5755.exe

Filesize
184KB

MD5
73d0e70785bb72ac3be6e73b296c9a45

SHA1
27b46165fb90d1a89d82eea6f855fa9d589d1652

SHA256
2ba02f2059c85743178655ffb5b81437b6c451561bee88f526102b4446bdc70f

SHA512
4f7140c01e9d3e3b15a6a4ee983977001fcc8376d9979ed6ab922511ebf19731618d4af79b049c548a441f3020da109c23675f22e90121a518944fd515ff21e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe

Filesize
184KB

MD5
d9c83fd52edb9056ddc04421b2361917

SHA1
5a9c7c1d5eb21213038d1602a54a5ee4b4cc10aa

SHA256
3c42651c54f5459ccd157903e1a80b5a8a07b330c000934aa87806ddf6c053fb

SHA512
3246d097267d6060fb9bafe5ddb25caaf8ca9a38b90c97594e3e080c7408c8e568a8d7527fdc668a5c30a280b9c4c67bb1becf84fc5e75b1925dfd8ca794a882

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe

Filesize
184KB

MD5
60db59da4c757caef11d5828d14d1366

SHA1
5cbc44c8169767d6d174e80e7ec07a456b2477d7

SHA256
7cfff06602d319c331e247c5b57d575bb32fb455806cbc67b0945d82b4b7e7b7

SHA512
9175f3016949694a5fb33f4a9c2c439c1d3ed9c3138d4cd9d982ecf95dc7da92f6647a613aca5c2b47f5ba0556206c217ad7b3d38199e85166fbf3afecb6e59f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe

Filesize
184KB

MD5
b6e19258bad12514762373cc4ae66387

SHA1
7b73ffd37db729a205d933b6bb681319aa451f06

SHA256
41ffe4cf77baf97c4707b8fcabeb7ab3adc0e0be63777a0d503fcbaa0e32dee8

SHA512
576dd5ddb27bbb979c54e8d0be9ee1023f59c7e0ad52f11eefce811d9128ff55bdca28b61e90010d96c001dc1b7d24a3914abffc9cbcdd5bdf488267e085dcef

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads