d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
Size

184KB
MD5

0d798cc8c5472028e90a1d5d41c951e7
SHA1

5d894ef58a380d11512b07596bb420bb0730ff64
SHA256

d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113
SHA512

12bf33f2d399e95f3bcb9a8bc1af9a1bf87f8a576cfb539c38ef3d7a9384a924fe30a441aa1544a70f359946fd1b173582a4b309d661a394f01dc2cbf4050817
SSDEEP

3072:VQD3M8ofwRhYdF7WehwLRtsfhlnViFSn3:VQbo4EF7oLbsfhlnViFS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2420	Unicorn-26614.exe
2224	Unicorn-44154.exe
2120	Unicorn-25907.exe
2656	Unicorn-4935.exe
2924	Unicorn-34593.exe
2520	Unicorn-17742.exe
3024	Unicorn-20831.exe
2856	Unicorn-1157.exe
2892	Unicorn-53695.exe
2484	Unicorn-20447.exe
1920	Unicorn-16917.exe
1624	Unicorn-9746.exe
3064	Unicorn-58433.exe
2000	Unicorn-59933.exe
1604	Unicorn-8272.exe
2944	Unicorn-61194.exe
2236	Unicorn-44666.exe
264	Unicorn-44666.exe
672	Unicorn-43825.exe
2340	Unicorn-28465.exe
448	Unicorn-28465.exe
1964	Unicorn-41655.exe
1532	Unicorn-21688.exe
1332	Unicorn-21688.exe
1324	Unicorn-31479.exe
2964	Unicorn-50961.exe
1932	Unicorn-34110.exe
660	Unicorn-4775.exe
1148	Unicorn-34817.exe
1632	Unicorn-17966.exe
2376	Unicorn-37832.exe
112	Unicorn-47624.exe
1568	Unicorn-49923.exe
1260	Unicorn-20012.exe
1968	Unicorn-36348.exe
3032	Unicorn-16482.exe
2312	Unicorn-55564.exe
2696	Unicorn-34245.exe
2784	Unicorn-54111.exe
2052	Unicorn-22316.exe
2500	Unicorn-2450.exe
1900	Unicorn-5102.exe
2904	Unicorn-2066.exe
3060	Unicorn-21548.exe
1732	Unicorn-613.exe
2512	Unicorn-4334.exe
1528	Unicorn-50006.exe
2824	Unicorn-17141.exe
1428	Unicorn-37007.exe
2072	Unicorn-56223.exe
772	Unicorn-20051.exe
2316	Unicorn-13465.exe
984	Unicorn-43123.exe
1076	Unicorn-7113.exe
1856	Unicorn-7113.exe
2960	Unicorn-29226.exe
2032	Unicorn-9490.exe
1996	Unicorn-8976.exe
2176	Unicorn-28842.exe
2168	Unicorn-28000.exe
2116	Unicorn-64010.exe
2440	Unicorn-64010.exe
2604	Unicorn-43568.exe
2524	Unicorn-43568.exe

Loads dropped DLL 64 IoCs

pid	Process
1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
2420	Unicorn-26614.exe
2420	Unicorn-26614.exe
1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
2120	Unicorn-25907.exe
2120	Unicorn-25907.exe
2224	Unicorn-44154.exe
2224	Unicorn-44154.exe
2420	Unicorn-26614.exe
2420	Unicorn-26614.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2656	Unicorn-4935.exe
2656	Unicorn-4935.exe
2120	Unicorn-25907.exe
2120	Unicorn-25907.exe
2520	Unicorn-17742.exe
2520	Unicorn-17742.exe
2924	Unicorn-34593.exe
2924	Unicorn-34593.exe
2224	Unicorn-44154.exe
2224	Unicorn-44154.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
2144	WerFault.exe
2144	WerFault.exe
2144	WerFault.exe
2144	WerFault.exe
1640	WerFault.exe
2144	WerFault.exe
3024	Unicorn-20831.exe
3024	Unicorn-20831.exe
2656	Unicorn-4935.exe
2656	Unicorn-4935.exe
2892	Unicorn-53695.exe
2892	Unicorn-53695.exe
2520	Unicorn-17742.exe
2520	Unicorn-17742.exe
2856	Unicorn-1157.exe
2856	Unicorn-1157.exe
2484	Unicorn-20447.exe
1920	Unicorn-16917.exe
1920	Unicorn-16917.exe
2484	Unicorn-20447.exe
2924	Unicorn-34593.exe
2924	Unicorn-34593.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
1080	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
1100	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2704	1612	WerFault.exe	27
2516	2420	WerFault.exe	28
1640	2120	WerFault.exe	30
2144	2224	WerFault.exe	29
1080	2656	WerFault.exe	32
824	2520	WerFault.exe	34
1100	2924	WerFault.exe	33
2444	3024	WerFault.exe	36
1800	2892	WerFault.exe	38
2592	2856	WerFault.exe	37
2652	2484	WerFault.exe	39
2648	1920	WerFault.exe	40
2740	1932	WerFault.exe	61
2068	1624	WerFault.exe	43
2104	3064	WerFault.exe	44
584	1604	WerFault.exe	46
1796	2000	WerFault.exe	45
1296	2944	WerFault.exe	47
316	2236	WerFault.exe	48
2932	264	WerFault.exe	49
1120	672	WerFault.exe	50
2544	2696	WerFault.exe	77
1420	448	WerFault.exe	55
940	1964	WerFault.exe	56
2036	1532	WerFault.exe	58
2452	1332	WerFault.exe	57
2804	1324	WerFault.exe	59
2560	2964	WerFault.exe	60
324	1148	WerFault.exe	63
628	2376	WerFault.exe	65
1712	660	WerFault.exe	62
2096	1632	WerFault.exe	64
1036	112	WerFault.exe	66
3228	1260	WerFault.exe	70
3244	1968	WerFault.exe	71
3288	2400	WerFault.exe	131
3376	3032	WerFault.exe	72
3420	2500	WerFault.exe	79
3428	2312	WerFault.exe	76
3576	1900	WerFault.exe	81
3640	1528	WerFault.exe	87
3668	3060	WerFault.exe	83
3692	1428	WerFault.exe	89
3572	2512	WerFault.exe	86
3620	1732	WerFault.exe	84
3816	2904	WerFault.exe	82
3808	2824	WerFault.exe	88
3336	2784	WerFault.exe	78
3120	984	WerFault.exe	97
3152	2440	WerFault.exe	110
3176	2088	WerFault.exe	125
1568	2524	WerFault.exe	112
3324	2108	WerFault.exe	115
3404	2052	WerFault.exe	80
3412	772	WerFault.exe	93
3564	3012	WerFault.exe	118
3676	2072	WerFault.exe	90
3860	596	WerFault.exe	126
3900	944	WerFault.exe	127
3112	1956	WerFault.exe	130
3208	2272	WerFault.exe	137
4116	2576	WerFault.exe	136
4156	1076	WerFault.exe	98
4244	2984	WerFault.exe	138

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
2420	Unicorn-26614.exe
2224	Unicorn-44154.exe
2120	Unicorn-25907.exe
2656	Unicorn-4935.exe
2924	Unicorn-34593.exe
2520	Unicorn-17742.exe
3024	Unicorn-20831.exe
2856	Unicorn-1157.exe
2892	Unicorn-53695.exe
2484	Unicorn-20447.exe
1920	Unicorn-16917.exe
1624	Unicorn-9746.exe
3064	Unicorn-58433.exe
1604	Unicorn-8272.exe
2000	Unicorn-59933.exe
2944	Unicorn-61194.exe
2236	Unicorn-44666.exe
264	Unicorn-44666.exe
672	Unicorn-43825.exe
448	Unicorn-28465.exe
1964	Unicorn-41655.exe
1532	Unicorn-21688.exe
1332	Unicorn-21688.exe
1324	Unicorn-31479.exe
2964	Unicorn-50961.exe
1932	Unicorn-34110.exe
660	Unicorn-4775.exe
1148	Unicorn-34817.exe
1632	Unicorn-17966.exe
2376	Unicorn-37832.exe
112	Unicorn-47624.exe
1568	Unicorn-49923.exe
1260	Unicorn-20012.exe
1968	Unicorn-36348.exe
3032	Unicorn-16482.exe
2312	Unicorn-55564.exe
2784	Unicorn-54111.exe
2696	Unicorn-34245.exe
2052	Unicorn-22316.exe
2500	Unicorn-2450.exe
1900	Unicorn-5102.exe
2904	Unicorn-2066.exe
3060	Unicorn-21548.exe
1732	Unicorn-613.exe
2512	Unicorn-4334.exe
1528	Unicorn-50006.exe
2824	Unicorn-17141.exe
1428	Unicorn-37007.exe
2072	Unicorn-56223.exe
772	Unicorn-20051.exe
2316	Unicorn-13465.exe
984	Unicorn-43123.exe
1076	Unicorn-7113.exe
1856	Unicorn-7113.exe
2960	Unicorn-29226.exe
2032	Unicorn-9490.exe
1996	Unicorn-8976.exe
2176	Unicorn-28842.exe
2168	Unicorn-28000.exe
2440	Unicorn-64010.exe
2116	Unicorn-64010.exe
2524	Unicorn-43568.exe
2604	Unicorn-43568.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 2420	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	28
PID 1612 wrote to memory of 2420	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	28
PID 1612 wrote to memory of 2420	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	28
PID 1612 wrote to memory of 2420	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	28
PID 2420 wrote to memory of 2224	2420	Unicorn-26614.exe	29
PID 2420 wrote to memory of 2224	2420	Unicorn-26614.exe	29
PID 2420 wrote to memory of 2224	2420	Unicorn-26614.exe	29
PID 2420 wrote to memory of 2224	2420	Unicorn-26614.exe	29
PID 1612 wrote to memory of 2120	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	30
PID 1612 wrote to memory of 2120	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	30
PID 1612 wrote to memory of 2120	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	30
PID 1612 wrote to memory of 2120	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	30
PID 1612 wrote to memory of 2704	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	31
PID 1612 wrote to memory of 2704	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	31
PID 1612 wrote to memory of 2704	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	31
PID 1612 wrote to memory of 2704	1612	d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe	31
PID 2120 wrote to memory of 2656	2120	Unicorn-25907.exe	32
PID 2120 wrote to memory of 2656	2120	Unicorn-25907.exe	32
PID 2120 wrote to memory of 2656	2120	Unicorn-25907.exe	32
PID 2120 wrote to memory of 2656	2120	Unicorn-25907.exe	32
PID 2224 wrote to memory of 2924	2224	Unicorn-44154.exe	33
PID 2224 wrote to memory of 2924	2224	Unicorn-44154.exe	33
PID 2224 wrote to memory of 2924	2224	Unicorn-44154.exe	33
PID 2224 wrote to memory of 2924	2224	Unicorn-44154.exe	33
PID 2420 wrote to memory of 2520	2420	Unicorn-26614.exe	34
PID 2420 wrote to memory of 2520	2420	Unicorn-26614.exe	34
PID 2420 wrote to memory of 2520	2420	Unicorn-26614.exe	34
PID 2420 wrote to memory of 2520	2420	Unicorn-26614.exe	34
PID 2420 wrote to memory of 2516	2420	Unicorn-26614.exe	35
PID 2420 wrote to memory of 2516	2420	Unicorn-26614.exe	35
PID 2420 wrote to memory of 2516	2420	Unicorn-26614.exe	35
PID 2420 wrote to memory of 2516	2420	Unicorn-26614.exe	35
PID 2656 wrote to memory of 3024	2656	Unicorn-4935.exe	36
PID 2656 wrote to memory of 3024	2656	Unicorn-4935.exe	36
PID 2656 wrote to memory of 3024	2656	Unicorn-4935.exe	36
PID 2656 wrote to memory of 3024	2656	Unicorn-4935.exe	36
PID 2120 wrote to memory of 2856	2120	Unicorn-25907.exe	37
PID 2120 wrote to memory of 2856	2120	Unicorn-25907.exe	37
PID 2120 wrote to memory of 2856	2120	Unicorn-25907.exe	37
PID 2120 wrote to memory of 2856	2120	Unicorn-25907.exe	37
PID 2520 wrote to memory of 2892	2520	Unicorn-17742.exe	38
PID 2520 wrote to memory of 2892	2520	Unicorn-17742.exe	38
PID 2520 wrote to memory of 2892	2520	Unicorn-17742.exe	38
PID 2520 wrote to memory of 2892	2520	Unicorn-17742.exe	38
PID 2924 wrote to memory of 2484	2924	Unicorn-34593.exe	39
PID 2924 wrote to memory of 2484	2924	Unicorn-34593.exe	39
PID 2924 wrote to memory of 2484	2924	Unicorn-34593.exe	39
PID 2924 wrote to memory of 2484	2924	Unicorn-34593.exe	39
PID 2224 wrote to memory of 1920	2224	Unicorn-44154.exe	40
PID 2224 wrote to memory of 1920	2224	Unicorn-44154.exe	40
PID 2224 wrote to memory of 1920	2224	Unicorn-44154.exe	40
PID 2224 wrote to memory of 1920	2224	Unicorn-44154.exe	40
PID 2120 wrote to memory of 1640	2120	Unicorn-25907.exe	41
PID 2120 wrote to memory of 1640	2120	Unicorn-25907.exe	41
PID 2120 wrote to memory of 1640	2120	Unicorn-25907.exe	41
PID 2120 wrote to memory of 1640	2120	Unicorn-25907.exe	41
PID 2224 wrote to memory of 2144	2224	Unicorn-44154.exe	42
PID 2224 wrote to memory of 2144	2224	Unicorn-44154.exe	42
PID 2224 wrote to memory of 2144	2224	Unicorn-44154.exe	42
PID 2224 wrote to memory of 2144	2224	Unicorn-44154.exe	42
PID 3024 wrote to memory of 1624	3024	Unicorn-20831.exe	43
PID 3024 wrote to memory of 1624	3024	Unicorn-20831.exe	43
PID 3024 wrote to memory of 1624	3024	Unicorn-20831.exe	43
PID 3024 wrote to memory of 1624	3024	Unicorn-20831.exe	43

C:\Users\Admin\AppData\Local\Temp\d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe
"C:\Users\Admin\AppData\Local\Temp\d5ffe51cafde0518c902574d551660c9685f3f9fb22ec5323f2b7a340b03e113.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        11⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        12⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        13⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        14⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
        14⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        13⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
        12⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
        11⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        10⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9743.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        12⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        13⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        14⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
        13⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        10⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
        9⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        9⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        12⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        13⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        14⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
        14⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        13⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-837.exe
        11⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4420.exe
        12⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        13⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 236
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        9⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        8⤵
        Program crash
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64861.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56491.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
        12⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        13⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 216
        13⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        12⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        10⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        9⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
        11⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        11⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        8⤵
        Program crash
        
        PID:3620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 240
        7⤵
        Program crash
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56223.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        8⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58603.exe
        9⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        10⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        11⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        12⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
        13⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
        13⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        12⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        11⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
        10⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
        9⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        10⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        11⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        12⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        8⤵
        Program crash
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3762.exe
        11⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        12⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        9⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        8⤵
        Program crash
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        7⤵
        Program crash
        
        PID:1036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        6⤵
        Program crash
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15468.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        10⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        12⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        13⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        14⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 236
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        12⤵
        
        PID:1216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        11⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33465.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        11⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        12⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        13⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        12⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        11⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        8⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
        11⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14083.exe
        12⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        11⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        10⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12609.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        10⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42052.exe
        10⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        10⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        8⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        7⤵
        Program crash
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24892.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        11⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        12⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        11⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21742.exe
        7⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
        10⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        11⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        9⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        Program crash
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        6⤵
        Program crash
        
        PID:1120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        10⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56519.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        12⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
        13⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        13⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        10⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        11⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        12⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
        12⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        11⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        10⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
        7⤵
        Program crash
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
        11⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        12⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        12⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 236
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31877.exe
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        10⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        11⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        11⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 236
        10⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        9⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
        7⤵
        Program crash
        
        PID:3808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        6⤵
        Program crash
        
        PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        10⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        11⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        12⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        11⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        12⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        11⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        8⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        7⤵
        Program crash
        
        PID:3692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11195.exe
        10⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39646.exe
        11⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 240
        12⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        11⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        10⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        9⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9386.exe
        10⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        10⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        9⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        8⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        6⤵
        Program crash
        
        PID:2096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        5⤵
        Program crash
        
        PID:2648
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30570.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        11⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        13⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12652.exe
        14⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        13⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        11⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        10⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        11⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
        12⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        11⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        11⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39546.exe
        12⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
        12⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
        8⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        11⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 220
        12⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 216
        9⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39247.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12419.exe
        12⤵
        
        PID:9672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
        13⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        11⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
        12⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        11⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        10⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 220
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6510.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25948.exe
        11⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
        12⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
        12⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        11⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        8⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
        7⤵
        Program crash
        
        PID:3420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 220
        6⤵
        Program crash
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
        11⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
        12⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51401.exe
        13⤵
        
        PID:1152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        13⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
        12⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2321.exe
        10⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33966.exe
        11⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        12⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        12⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
        11⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        10⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        10⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        11⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        10⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 236
        9⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        8⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61529.exe
        9⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        10⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        11⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        11⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        10⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        9⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        8⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        7⤵
        Program crash
        
        PID:1568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        6⤵
        Program crash
        
        PID:2804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        5⤵
        Program crash
        
        PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31089.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21862.exe
        11⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
        12⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        13⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
        13⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        12⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        11⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19189.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18185.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55788.exe
        12⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
        12⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 220
        11⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62479.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
        11⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        12⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        12⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        7⤵
        Program crash
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        11⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
        12⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        10⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22079.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        9⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        10⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7948.exe
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
        11⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        10⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        8⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
        7⤵
        
        PID:4580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        6⤵
        Program crash
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
        6⤵
        Program crash
        
        PID:2544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        5⤵
        Program crash
        
        PID:584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:824
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        10⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        11⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        12⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        13⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        14⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        14⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        13⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        11⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52822.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41636.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        12⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        13⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 236
        13⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        12⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56351.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
        12⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        13⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        12⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        11⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        8⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        11⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        12⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        13⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 236
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        10⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        11⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 220
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        7⤵
        Program crash
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63953.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55519.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        11⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        12⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        13⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
        13⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        12⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        11⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35525.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        10⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        11⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 220
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        11⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4630.exe
        10⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        11⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        12⤵
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        11⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        9⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        7⤵
        Program crash
        
        PID:3376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62417.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe
        12⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56791.exe
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        9⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 188
        11⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        8⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43656.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        11⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 236
        12⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        11⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 236
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        8⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        7⤵
        Program crash
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        11⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
        12⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        12⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 236
        11⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        8⤵
        Program crash
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        9⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        10⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57860.exe
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        10⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
        9⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
        7⤵
        Program crash
        
        PID:4156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        5⤵
        Program crash
        
        PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        5⤵
        Executes dropped EXE
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60844.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
        11⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18094.exe
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        10⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5525.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        10⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        11⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
        11⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        10⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        7⤵
        Program crash
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        6⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        Program crash
        
        PID:3288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        5⤵
        Program crash
        
        PID:2104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40155.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        10⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        10⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        11⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        12⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        11⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        7⤵
        Program crash
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64397.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
        11⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27474.exe
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
        11⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        10⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34534.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        9⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19707.exe
        11⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        10⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        9⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        8⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
        7⤵
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        6⤵
        Program crash
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2066.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62173.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
        7⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        11⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
        9⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
        10⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 236
        10⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        9⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        8⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 220
        7⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3761.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        8⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        9⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        10⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 236
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        9⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        8⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        7⤵
        
        PID:6124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        6⤵
        Program crash
        
        PID:3816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        5⤵
        Program crash
        
        PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        5⤵
        Program crash
        
        PID:2740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
      4⤵
      Program crash
      PID:2592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
  2⤵
  - Program crash
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe

Filesize
184KB

MD5
ab5d16eb55f6facd893cdea21f3f6530

SHA1
3cb1915b679beea12da46c3e179306f814f51ccd

SHA256
5bdc69de2f0c49aa2672ea3b498f822ae94f5c3365839067b0fa381d65f4d0a9

SHA512
7488b4d7f1cea33ff3e3a8a074325202cd8e750fd773b414fab867341c947a6e8b2425c2a9b46585c0aa2935613e7b4caa58a979c20f1c90ab555b3b2bd92f58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe

Filesize
184KB

MD5
f224f0845b41856f8b0e4c854d694ec5

SHA1
3c08c2b18a5791399ba6ba9d62d9cb05c3be0905

SHA256
37689c0bc7f4ba97c05bb934d3cd664210d475b71fe82d9fb62722f785cf7c95

SHA512
2658acf2d86595a31a9f7d5bba1ee85755ae6df454da86528e2272cbcc2529c849faa99796888f16bd403b136e2e662b6aa25228a9ca59552dcf9ba4c15cadf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe

Filesize
184KB

MD5
4d7aed2ddeda507fe1dd90d48e18cc88

SHA1
19e63718aff74e6d02be19652c1b846488cf691f

SHA256
9d8b8ba94ec66d94b4f693ea8aa3a4a4a1d5a7dce5e0a35b812686733b4682d9

SHA512
387bcfee876a1ef5f5311c4f02ed62a699301cf3e103208ea97f3098b74043850d6a9b0d53a608afc952086dc46a0e403dd70c5949a5f4d69f39675c05e08ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4935.exe

Filesize
184KB

MD5
65275fdee7be9eb6baf077a54dcf8d5a

SHA1
f123e1be5491969e3927b54534aa3a507717e9d3

SHA256
ebb006f2ef717092f7be559be6358a743edbcc2fc9cd8618ca50f40c6c70a047

SHA512
2f954155ae625c519a5e78afc844d24acdb35aea3f27abd7006dcc2fdbc100ccb6419317df78f982143a02ceb747d845a5cf0b478d19914b9c4af86b7fbc9277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe

Filesize
184KB

MD5
0c58b4b1a04c1cc1d0d379c7d5102fa6

SHA1
7cc0deb390c2e1b8555aae41b35de42ef735ee53

SHA256
550136b77dcc8c6c3f4a22b70e384f0b735f7591f4209a3c0ffc159928547f2d

SHA512
ec4d71a3dc7bf7464ee7fa41c05e51cbe5d88da33bda191acfbfbf39bace7ae566ced10c90c5ef73c8732293e28865b5a697065d7a92973b4dd7b52179fdd188

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe

Filesize
184KB

MD5
396cfff7cc86b67b0e0889d1b388e446

SHA1
80ce9f9579ef3ca36588785456bdf2868fd840ae

SHA256
bb9517de713e25735dd38522f2454f259a923b28c5a97749b6b77cc719951ef0

SHA512
ef80edac8f94c1796139a02328c868513ba218521983335600a94a84bd38d05a0dbee29cdd0ccdabc9f0a71abcce6135ea5fd5ebff24a719833f29b515a24bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe

Filesize
184KB

MD5
85951cf6154f7949f2fe3b0a1eb45c5a

SHA1
647f681c798543569b1365cb7119db42d3a07e5e

SHA256
f28f51fe993d23cfe35ae6c9b44964d17b9643130166cd93824bf6e0dc9244bc

SHA512
e6eb10e219ade75bd5a78b6704345098ca20172f963f7d163f33b73e658cef20437cb3d7637898008aee6e385c6d0a6962d4c9e00187e1c0df8c6816e1ed3182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56399.exe

Filesize
184KB

MD5
efc46db0e18e49dbe1c92937d305e10e

SHA1
b740be2de0f7ab947b338591bbe8ebbaf573250c

SHA256
f8c9dfabd84e51513cc0d8395e7a1942dcb7cb9ab0a2fb17c725723aeb3f767a

SHA512
ae9938536a318e5be1e8e0b4db72d87cd247a84b20ba1e8013f0fcfeb565eedc8975a8bc1836d91d393e76fbbb6a00d136132fd5bd2f6835e80497637841e3e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe

Filesize
184KB

MD5
0c5fdf00bab0e4ce15e78a509428e034

SHA1
50a6f8de574c7fb5e5e52847b470528951465ea3

SHA256
52b6e5324e7572920b1b83144d8d6fce46de9961b7373be3bc6957709112521f

SHA512
6debc7fa8768f24aafb131658633e86bb88e8fef78a47649a402f119ac30c039ed9ab03fd65a402c089c70c76c6e2412f0ab91932b31c1697381f5bceb593096

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58433.exe

Filesize
184KB

MD5
be56f145f4b1827e0778afe85087af31

SHA1
e5fe3080fa99260597951107f95be1b17572302c

SHA256
76b4017b145ca15914bbf68c4357c24a781dac90dcf33e068d98b445c37910be

SHA512
8f6356c964abeb850d053e35f08e4f2f7b6f13f7f257d4243a25cb33794b47c1fe5281edf8328ad9a80f9040e456c283e354cb58162a793af7f2e9b843faf524

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe

Filesize
184KB

MD5
0301f8430d8880401277ba825db5e0c3

SHA1
85e1ca83f23bfab5d150ab43b9338c36c97638c6

SHA256
b53532042be8066ef529dd5bdb5f9af25038d60857e21cfbe2f63b9ef158ae5f

SHA512
6daddb33f08757fef69b4d0620bdcc403295ab3993b547f5513d6e9129d70ca6938069ef35bd51dd944db66e42dbb61a10df19a68e6547055049bee7748882a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe

Filesize
184KB

MD5
71d5968ee8e29039252ec35c8d26bc39

SHA1
3c8b1cc72eeb6675a45cad8472bcdbfd91f04de5

SHA256
d15742c27585d30253467f5e0bbc65636bebf02f7949e6d423d881dd796e1cee

SHA512
ab3a887ff0d5ca15e3703f1432d1f6066330b25f84d1ac310dc38eeab8f4338708b2c31bc78439975469f068e76e173ee0dbdecbc7237c53832817f5fe380434

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe

Filesize
184KB

MD5
ce02bd5c999f16841ae63cb2e06d19d0

SHA1
3927e14f92b5b175dd4a9aa604954ccf9f644ac7

SHA256
e412c8f323d5c0030410d1661d8973b55417279e5fd60e68ee046c97c148e701

SHA512
2b73ec9db1bbb8427e99e1a286460633e1238ccced1e0d1aa1690db24332d884d01ab3a51a2443814cb28285470bcf35cfa6e3760ef6ffdb014a2d2df66785e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe

Filesize
184KB

MD5
c94f89a0712eae90e8ee96ab66a5a1e9

SHA1
15a0cb5d01da66f334451074d4317299e751365d

SHA256
1c291f1f00e6f72611eb1f928686ddbbbc42b8123f65f54716dd473aa90d69b6

SHA512
4f8851dd716ffada41a41e456c15a2514c00b84d5ed9e43b49a9707e0841f5a59c69fab7203a0532d12b0304c167e2794000b5af4c7acb085b2a7fcb81061245

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe

Filesize
184KB

MD5
b625e98c33cb82ab9c3ec36dabc88de6

SHA1
c84aee00805a1e16efab469dbf372a65be38d8f0

SHA256
391e2f91b8b50124e4a5f7dbc662d4a5fba732050f40384e1f64e1ea2d250971

SHA512
f46dc5ed56b54e227cebc3abc9e50e1130061e1e4d3b0ee0a6d6d30fa88d21a28b1592420d082d1fb2ec681ffc506cf6522979fd82696372a55a6b7ca4be9366

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20831.exe

Filesize
184KB

MD5
a031faacdf29cb6dcce388189df6e2a8

SHA1
4d5edae5a3924559ce3b23bc99827e9bedc8be4b

SHA256
12164dfa1f54e089cb26286dc5aa7ae272d38d31d7d88b3c3da3a092f2525e61

SHA512
17b3d724236164a778e18e4f123cb3ac08df40d0d181a95bec7ebdd62b5d24d5c95350659a76c3f047b02c2402bdb672b8e40ea8b68755dd46a237925915df9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25907.exe

Filesize
184KB

MD5
4b24ce9d7393b550b861b907293e6eb3

SHA1
8539aab6df105c58763656dca990e2083a7ba777

SHA256
e36d4c6a7467abfcedbfcf48a5a302d808ffdd520c59feca9f841d79dc8cd2bc

SHA512
c4f9b964e3479c3093deb7af9617d38157dde0a9d361aa8204fe90a1f61270393e8f4945b2dffab2780a15588dc2564ef63de5a8e6f3421639e437f0f7954178

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe

Filesize
184KB

MD5
c0f6ef8ba0723d50a05e0d47b6d185c0

SHA1
b16930dae30222a3fd9e4cc79774ef0e4381a226

SHA256
83daece037289b0cb18c02810aa66f3bb859c9dea995e7f3f53f65331a3c14d2

SHA512
d4f6d2d62e622cc64ba689ad44385519296ea703606dababe7e297c3eb43e78d906bb557026864c5404a1aa1129922fb2c34b52d47406dc1776d38498b7614ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe

Filesize
184KB

MD5
948e63f995e04b45b8c44482d030b6f5

SHA1
0dac7127f85d2ee1f1474a15f41e2ec49c631e4d

SHA256
839233bd93724522f6386f334dbad447fb838cfb98b1c2b54c926eb7a6efbf7c

SHA512
a163538c8b0764e78ab9f4f3db9276c60c5d2275d609f116af6aa31baad4731a84821473bfb69b3e64a878ad7c181b7e901fb6cfb05f6f08e52c17bca575e6ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe

Filesize
184KB

MD5
c527b578f48daba251e680d4a23e229d

SHA1
a8fdb3bf712bb03ba93a3d2f6967e56f774c3f10

SHA256
3d0d67d05dd6b565cadde5a4817281d195e2a4e6e8e47d37d7aca9c280083ddc

SHA512
ea1894abc25b950cad8d2681988a29df775caf512107a8be6e1f967c65044f52210ecb425d4a8c8491394994813735de4c7a2c409b513360ee28484f14f25bbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe

Filesize
184KB

MD5
a651e45dac59181dc52be6fa34a42a26

SHA1
eb582fb464293d22a218c05f3d5aef5328ff5844

SHA256
e106c617c1844eec22bc666b307d0708c0b6966a2c1b0c075bf9972fab2825de

SHA512
76ef22bbf6d2656ff044aa681008fdccd33994ab0cf532c489204517aaf33b9c92c1ee70e5b36085fb04e149eea16736e032e3ca06e79f3dd9569b63f869a0f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe

Filesize
184KB

MD5
524531d793ae1ccd6a6e5f4b254e579c

SHA1
27e940afa1573a0f9e6bbbe149a5e50df5f3498b

SHA256
ba04db7876bf464017d6ef1fb479ff6a461ca69265b1dd0a6a5e2086509d58f6

SHA512
2f4ab80bbff1af4c73bdec9b4742295d4962153901660ea6be386bf1aa690fb2273e5b85ddaf76b8d98dfa28dfccbb3371fc06ecfc9211682e0401abeef599ec

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads