957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 00:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
Size

184KB
MD5

9f378168aa871cc85edef07e82e19159
SHA1

49ab2549ce90e1b4228e726535d379d1801e5c00
SHA256

957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e
SHA512

436e1137aecfad4bcae08d069cd173c0ccd8eddb94331fc1a3e68ba4856daaf9389eefd333bb4800774e6521a742344cd3b8dd1f2c902d163f22c3f7b1549cb5
SSDEEP

1536:M7Z/6j5ZuCRxoV04IQyASYwBUMmyGZclOed8SkLb2RzeHphlShj5mizp5d:iwmCRxo27Qy0oUpfe/kLbWqphlowiFb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2836	Unicorn-8580.exe
2588	Unicorn-37048.exe
2592	Unicorn-23020.exe
2376	Unicorn-31219.exe
2532	Unicorn-25826.exe
2364	Unicorn-45692.exe
2444	Unicorn-59006.exe
2656	Unicorn-13334.exe
1452	Unicorn-46837.exe
1744	Unicorn-1165.exe
2028	Unicorn-10849.exe
2000	Unicorn-21042.exe
1924	Unicorn-23756.exe
2764	Unicorn-33211.exe
572	Unicorn-19506.exe
788	Unicorn-65177.exe
1420	Unicorn-2930.exe
2800	Unicorn-37366.exe
2928	Unicorn-49535.exe
996	Unicorn-30629.exe
2128	Unicorn-51543.exe
1248	Unicorn-5871.exe
3032	Unicorn-11320.exe
956	Unicorn-43286.exe
2784	Unicorn-46899.exe
1716	Unicorn-57568.exe
3020	Unicorn-29110.exe
1916	Unicorn-9784.exe
1928	Unicorn-22170.exe
1564	Unicorn-15433.exe
2624	Unicorn-35770.exe
2748	Unicorn-55636.exe
2604	Unicorn-33763.exe
2396	Unicorn-47956.exe
2404	Unicorn-46420.exe
1660	Unicorn-8765.exe
2420	Unicorn-19534.exe
2328	Unicorn-50068.exe
2340	Unicorn-50068.exe
2412	Unicorn-43331.exe
2692	Unicorn-12413.exe
2676	Unicorn-51028.exe
1020	Unicorn-31162.exe
2236	Unicorn-244.exe
328	Unicorn-32279.exe
2132	Unicorn-20110.exe
1040	Unicorn-3133.exe
1956	Unicorn-15338.exe
1832	Unicorn-61566.exe
2920	Unicorn-31032.exe
1472	Unicorn-11706.exe
1684	Unicorn-57378.exe
992	Unicorn-10206.exe
852	Unicorn-30072.exe
2304	Unicorn-43201.exe
1840	Unicorn-57954.exe
1592	Unicorn-46849.exe
2172	Unicorn-14814.exe
2944	Unicorn-16891.exe
2904	Unicorn-40181.exe
2524	Unicorn-21275.exe
2052	Unicorn-57394.exe
2864	Unicorn-6138.exe
2400	Unicorn-60684.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
2836	Unicorn-8580.exe
2836	Unicorn-8580.exe
2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
2588	Unicorn-37048.exe
2588	Unicorn-37048.exe
2836	Unicorn-8580.exe
2592	Unicorn-23020.exe
2836	Unicorn-8580.exe
2592	Unicorn-23020.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
2588	Unicorn-37048.exe
2376	Unicorn-31219.exe
2588	Unicorn-37048.exe
2376	Unicorn-31219.exe
2592	Unicorn-23020.exe
2592	Unicorn-23020.exe
2532	Unicorn-25826.exe
2532	Unicorn-25826.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1448	WerFault.exe
1324	WerFault.exe
2364	Unicorn-45692.exe
2364	Unicorn-45692.exe
2444	Unicorn-59006.exe
2444	Unicorn-59006.exe
1452	Unicorn-46837.exe
1452	Unicorn-46837.exe
2656	Unicorn-13334.exe
2656	Unicorn-13334.exe
1744	Unicorn-1165.exe
1744	Unicorn-1165.exe
2376	Unicorn-31219.exe
2532	Unicorn-25826.exe
2376	Unicorn-31219.exe
2532	Unicorn-25826.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2324	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2520	2440	WerFault.exe	27
1708	2836	WerFault.exe	28
1448	2588	WerFault.exe	29
1324	2592	WerFault.exe	30
920	2376	WerFault.exe	32
2324	2532	WerFault.exe	33
2320	2364	WerFault.exe	34
2140	2444	WerFault.exe	36
1528	1452	WerFault.exe	38
2912	2656	WerFault.exe	37
1260	1744	WerFault.exe	39
2980	2028	WerFault.exe	42
1624	2000	WerFault.exe	43
336	1924	WerFault.exe	44
1036	2764	WerFault.exe	45
560	572	WerFault.exe	46
3056	788	WerFault.exe	47
700	1420	WerFault.exe	48
1288	2800	WerFault.exe	52
2952	2928	WerFault.exe	53
1320	996	WerFault.exe	54
1520	1248	WerFault.exe	55
2448	956	WerFault.exe	58
2360	1916	WerFault.exe	62
2616	2784	WerFault.exe	59
2608	3032	WerFault.exe	57
2348	3020	WerFault.exe	61
2468	1716	WerFault.exe	60
1996	2116	WerFault.exe	115
576	1928	WerFault.exe	64
2896	1564	WerFault.exe	66
3040	2748	WerFault.exe	70
1428	2604	WerFault.exe	71
3108	2404	WerFault.exe	73
3140	1660	WerFault.exe	74
3172	2676	WerFault.exe	82
3188	2692	WerFault.exe	79
3196	2340	WerFault.exe	77
3204	1020	WerFault.exe	80
3300	328	WerFault.exe	81
3324	2328	WerFault.exe	76
3344	2412	WerFault.exe	78
3728	2236	WerFault.exe	83
3752	2132	WerFault.exe	84
3780	2420	WerFault.exe	75
3816	2624	WerFault.exe	69
3852	2396	WerFault.exe	72
3932	1956	WerFault.exe	88
4088	1040	WerFault.exe	87
4028	1832	WerFault.exe	91
3308	1472	WerFault.exe	96
3696	852	WerFault.exe	99
3372	2052	WerFault.exe	106
3484	2120	WerFault.exe	114
3580	1840	WerFault.exe	101
4144	1684	WerFault.exe	97
4152	2944	WerFault.exe	104
4252	2172	WerFault.exe	103
4280	2556	WerFault.exe	133
4296	280	WerFault.exe	134
4320	1240	WerFault.exe	137
4332	2100	WerFault.exe	135
4360	1636	WerFault.exe	138
4392	1592	WerFault.exe	102

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
2836	Unicorn-8580.exe
2588	Unicorn-37048.exe
2592	Unicorn-23020.exe
2376	Unicorn-31219.exe
2532	Unicorn-25826.exe
2364	Unicorn-45692.exe
2444	Unicorn-59006.exe
2656	Unicorn-13334.exe
1452	Unicorn-46837.exe
1744	Unicorn-1165.exe
2028	Unicorn-10849.exe
2000	Unicorn-21042.exe
1924	Unicorn-23756.exe
2764	Unicorn-33211.exe
572	Unicorn-19506.exe
788	Unicorn-65177.exe
1420	Unicorn-2930.exe
2800	Unicorn-37366.exe
2928	Unicorn-49535.exe
996	Unicorn-30629.exe
2128	Unicorn-51543.exe
1248	Unicorn-5871.exe
3032	Unicorn-11320.exe
956	Unicorn-43286.exe
2784	Unicorn-46899.exe
3020	Unicorn-29110.exe
1716	Unicorn-57568.exe
1916	Unicorn-9784.exe
1928	Unicorn-22170.exe
1564	Unicorn-15433.exe
2624	Unicorn-35770.exe
2748	Unicorn-55636.exe
2604	Unicorn-33763.exe
2396	Unicorn-47956.exe
2404	Unicorn-46420.exe
1660	Unicorn-8765.exe
2420	Unicorn-19534.exe
2340	Unicorn-50068.exe
2236	Unicorn-244.exe
2328	Unicorn-50068.exe
328	Unicorn-32279.exe
1020	Unicorn-31162.exe
2412	Unicorn-43331.exe
2692	Unicorn-12413.exe
2676	Unicorn-51028.exe
2132	Unicorn-20110.exe
1040	Unicorn-3133.exe
1956	Unicorn-15338.exe
1832	Unicorn-61566.exe
2920	Unicorn-31032.exe
1472	Unicorn-11706.exe
1684	Unicorn-57378.exe
992	Unicorn-10206.exe
852	Unicorn-30072.exe
2304	Unicorn-43201.exe
1840	Unicorn-57954.exe
1592	Unicorn-46849.exe
2944	Unicorn-16891.exe
2904	Unicorn-40181.exe
2524	Unicorn-21275.exe
2052	Unicorn-57394.exe
2864	Unicorn-6138.exe
2400	Unicorn-60684.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2836	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	28
PID 2440 wrote to memory of 2836	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	28
PID 2440 wrote to memory of 2836	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	28
PID 2440 wrote to memory of 2836	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	28
PID 2836 wrote to memory of 2588	2836	Unicorn-8580.exe	29
PID 2836 wrote to memory of 2588	2836	Unicorn-8580.exe	29
PID 2836 wrote to memory of 2588	2836	Unicorn-8580.exe	29
PID 2836 wrote to memory of 2588	2836	Unicorn-8580.exe	29
PID 2440 wrote to memory of 2592	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	30
PID 2440 wrote to memory of 2592	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	30
PID 2440 wrote to memory of 2592	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	30
PID 2440 wrote to memory of 2592	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	30
PID 2440 wrote to memory of 2520	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	31
PID 2440 wrote to memory of 2520	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	31
PID 2440 wrote to memory of 2520	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	31
PID 2440 wrote to memory of 2520	2440	957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe	31
PID 2588 wrote to memory of 2376	2588	Unicorn-37048.exe	32
PID 2588 wrote to memory of 2376	2588	Unicorn-37048.exe	32
PID 2588 wrote to memory of 2376	2588	Unicorn-37048.exe	32
PID 2588 wrote to memory of 2376	2588	Unicorn-37048.exe	32
PID 2836 wrote to memory of 2532	2836	Unicorn-8580.exe	33
PID 2836 wrote to memory of 2532	2836	Unicorn-8580.exe	33
PID 2836 wrote to memory of 2532	2836	Unicorn-8580.exe	33
PID 2836 wrote to memory of 2532	2836	Unicorn-8580.exe	33
PID 2592 wrote to memory of 2364	2592	Unicorn-23020.exe	34
PID 2592 wrote to memory of 2364	2592	Unicorn-23020.exe	34
PID 2592 wrote to memory of 2364	2592	Unicorn-23020.exe	34
PID 2592 wrote to memory of 2364	2592	Unicorn-23020.exe	34
PID 2836 wrote to memory of 1708	2836	Unicorn-8580.exe	35
PID 2836 wrote to memory of 1708	2836	Unicorn-8580.exe	35
PID 2836 wrote to memory of 1708	2836	Unicorn-8580.exe	35
PID 2836 wrote to memory of 1708	2836	Unicorn-8580.exe	35
PID 2588 wrote to memory of 2444	2588	Unicorn-37048.exe	36
PID 2588 wrote to memory of 2444	2588	Unicorn-37048.exe	36
PID 2588 wrote to memory of 2444	2588	Unicorn-37048.exe	36
PID 2588 wrote to memory of 2444	2588	Unicorn-37048.exe	36
PID 2376 wrote to memory of 2656	2376	Unicorn-31219.exe	37
PID 2376 wrote to memory of 2656	2376	Unicorn-31219.exe	37
PID 2376 wrote to memory of 2656	2376	Unicorn-31219.exe	37
PID 2376 wrote to memory of 2656	2376	Unicorn-31219.exe	37
PID 2592 wrote to memory of 1452	2592	Unicorn-23020.exe	38
PID 2592 wrote to memory of 1452	2592	Unicorn-23020.exe	38
PID 2592 wrote to memory of 1452	2592	Unicorn-23020.exe	38
PID 2592 wrote to memory of 1452	2592	Unicorn-23020.exe	38
PID 2532 wrote to memory of 1744	2532	Unicorn-25826.exe	39
PID 2532 wrote to memory of 1744	2532	Unicorn-25826.exe	39
PID 2532 wrote to memory of 1744	2532	Unicorn-25826.exe	39
PID 2532 wrote to memory of 1744	2532	Unicorn-25826.exe	39
PID 2588 wrote to memory of 1448	2588	Unicorn-37048.exe	40
PID 2588 wrote to memory of 1448	2588	Unicorn-37048.exe	40
PID 2588 wrote to memory of 1448	2588	Unicorn-37048.exe	40
PID 2588 wrote to memory of 1448	2588	Unicorn-37048.exe	40
PID 2592 wrote to memory of 1324	2592	Unicorn-23020.exe	41
PID 2592 wrote to memory of 1324	2592	Unicorn-23020.exe	41
PID 2592 wrote to memory of 1324	2592	Unicorn-23020.exe	41
PID 2592 wrote to memory of 1324	2592	Unicorn-23020.exe	41
PID 2364 wrote to memory of 2028	2364	Unicorn-45692.exe	42
PID 2364 wrote to memory of 2028	2364	Unicorn-45692.exe	42
PID 2364 wrote to memory of 2028	2364	Unicorn-45692.exe	42
PID 2364 wrote to memory of 2028	2364	Unicorn-45692.exe	42
PID 2444 wrote to memory of 2000	2444	Unicorn-59006.exe	43
PID 2444 wrote to memory of 2000	2444	Unicorn-59006.exe	43
PID 2444 wrote to memory of 2000	2444	Unicorn-59006.exe	43
PID 2444 wrote to memory of 2000	2444	Unicorn-59006.exe	43

C:\Users\Admin\AppData\Local\Temp\957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe
"C:\Users\Admin\AppData\Local\Temp\957f6be6f6c46b94ca088d1cf691aa84746a1df19d1958be7a9a6602f004e87e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32279.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        9⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        10⤵
        Program crash
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17802.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        12⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
        13⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220
        12⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        11⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        10⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        9⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        11⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        12⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        13⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 236
        13⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
        12⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        11⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        12⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 236
        12⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        11⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        8⤵
        Program crash
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31162.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46927.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        11⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        12⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        13⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        12⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7749.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        11⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 236
        12⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        10⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 220
        11⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        9⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        8⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        7⤵
        Program crash
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        12⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
        13⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
        13⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24770.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-221.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        11⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        11⤵
        
        PID:1416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        10⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61647.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 220
        11⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        9⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        8⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        11⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48632.exe
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        12⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5272.exe
        9⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        10⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        8⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        7⤵
        Program crash
        
        PID:2448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        6⤵
        Program crash
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        11⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        12⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 200
        13⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        12⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        10⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        11⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        9⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 220
        10⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        8⤵
        Program crash
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42712.exe
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
        11⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59100.exe
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 236
        12⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19550.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
        10⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        11⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        11⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        10⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        7⤵
        Program crash
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        11⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        12⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        10⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        10⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        10⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        7⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12103.exe
        10⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        10⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
        8⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        6⤵
        Program crash
        
        PID:3056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55636.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20211.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        10⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        11⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        12⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        11⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        11⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        11⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        10⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
        8⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        11⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8397.exe
        12⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11836 -s 236
        13⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41955.exe
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 220
        12⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 220
        11⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
        9⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        8⤵
        Program crash
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11420.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
        10⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
        11⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 236
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        11⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        10⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        9⤵
        Program crash
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43578.exe
        8⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65377.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        11⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 236
        11⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        9⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        8⤵
        Program crash
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        11⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        12⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        10⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 236
        11⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 220
        9⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        7⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12390.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        10⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        11⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 236
        11⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        10⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        8⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        Program crash
        
        PID:3816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        6⤵
        Program crash
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40952.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 220
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        9⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50640.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        10⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
        11⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
        11⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        10⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        7⤵
        Program crash
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10206.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        10⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3950.exe
        11⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        12⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11936 -s 216
        12⤵
        
        PID:12996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        11⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 240
        11⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        10⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        9⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        9⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39027.exe
        10⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
        10⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        9⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        8⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        7⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        6⤵
        Program crash
        
        PID:1320
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        5⤵
        Program crash
        
        PID:2140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
        12⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        12⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        11⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64547.exe
        11⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 236
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45058.exe
        11⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        10⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        9⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12041.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56635.exe
        12⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14488.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
        11⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
        11⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        9⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220
        8⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
        7⤵
        Program crash
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49156.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        11⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        12⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 236
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        10⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
        11⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 236
        11⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        10⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4782.exe
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        10⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
        11⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        10⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        6⤵
        Program crash
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57394.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        11⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        12⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 236
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        10⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        11⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
        11⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        10⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 220
        9⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        8⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        7⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53532.exe
        10⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        11⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 220
        7⤵
        Program crash
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        10⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        11⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
        11⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        10⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        8⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        9⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        10⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 236
        10⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        9⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        8⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        
        PID:4180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:2468
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        5⤵
        Program crash
        
        PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44789.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        11⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
        10⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        10⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        10⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe
        11⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        8⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        7⤵
        Program crash
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45427.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        10⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        11⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        7⤵
        Program crash
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12413.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        6⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62484.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        9⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45696.exe
        10⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        10⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        9⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
        7⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        8⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        9⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
        10⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 236
        9⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        8⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        7⤵
        
        PID:5464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        6⤵
        Program crash
        
        PID:3188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        5⤵
        Program crash
        
        PID:700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        11⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        12⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        13⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
        13⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        12⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        11⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34840.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7385.exe
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 220
        11⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        10⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
        9⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        8⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10085.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        11⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        12⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        13⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 236
        13⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 236
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        11⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
        10⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13143.exe
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        11⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 220
        10⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
        8⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        7⤵
        Program crash
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16121.exe
        11⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55477.exe
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        12⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        11⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24461.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        10⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        9⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        10⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        11⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 236
        11⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        8⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        6⤵
        Program crash
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        11⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
        11⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        8⤵
        Program crash
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9536.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        9⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55738.exe
        10⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        11⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
        11⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
        10⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
        9⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        8⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        7⤵
        Program crash
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
        6⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5603.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        10⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 236
        10⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        9⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        8⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
        7⤵
        Program crash
        
        PID:4296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        6⤵
        Program crash
        
        PID:2896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Program crash
        
        PID:2980
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
      4⤵
      Loads dropped DLL
      Program crash
      PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        12⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 236
        12⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 216
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        8⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 240
        9⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        8⤵
        Program crash
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        10⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        10⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 220
        9⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
        8⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        7⤵
        Program crash
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
        6⤵
        Executes dropped EXE
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        9⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        10⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 236
        10⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        9⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        8⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
        7⤵
        Program crash
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        6⤵
        Program crash
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
        10⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        11⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
        11⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        9⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        8⤵
        Program crash
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 236
        10⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        9⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        8⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        7⤵
        Program crash
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        6⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        9⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 236
        11⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
        10⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        9⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        8⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
        7⤵
        
        PID:4408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        6⤵
        Program crash
        
        PID:3140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        5⤵
        Program crash
        
        PID:336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-728.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34153.exe
        10⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        11⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
        11⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        10⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26220.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        9⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        9⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        8⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        8⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        9⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        10⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 236
        10⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        9⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        8⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        7⤵
        
        PID:5924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        6⤵
        Program crash
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
        10⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
        10⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        9⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        8⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
        7⤵
        Program crash
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        6⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37619.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        8⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        9⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 236
        9⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        8⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        7⤵
        
        PID:6480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        6⤵
        Program crash
        
        PID:3580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
      4⤵
      Program crash
      PID:1528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
  2⤵
  - Program crash
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe

Filesize
184KB

MD5
f135243d210e647375ef7a818b653134

SHA1
9e0d67416f00eae1dc4fc529b3e62626195aef9c

SHA256
8427230dae1591905eea656867d37d53c342d8d3e0ab9f3cb5f4c184f768198e

SHA512
80fafc9d68eadec0919dc72a0cedbb1cebc4b1b759d93e1ea7e86e56a3920db136451db416095f431409be0b2b1a55f7b465731e5685db909a5aa78fe2f3fc50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe

Filesize
184KB

MD5
51e88c25e423ec8c67a2d8cf88074bf4

SHA1
2cf049cde675fbeb9c0d2d5b098c12cd5d8a6499

SHA256
2ecb0a6851358446c6cd9f77155ba541a749a919378f8268816395de3c9e213f

SHA512
0059496a5da86d9aa22e58deb26c9d01b00ab9c3532569fd80117d4f2ced4d24a432b91c348160ea8f60724b719e3083d1591b0c6c347ec299239f9847314249

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe

Filesize
184KB

MD5
534694ac3b7d90ebf0b87d2c1559d701

SHA1
fd39dd2cf66cf362eaf0ed9bf75b4e0712727d92

SHA256
03dc2fcba511ca46c36601d68bc61c551145c77882730ac69ff4c59510674aee

SHA512
782f7d92635c654aa26e644752622c20c8b468e6f86cf1617ab6c12cb7dcefd5320714093f793cc9e3e3e2bd98c10418d72499b9b745033db6857dfd7a68919c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe

Filesize
184KB

MD5
2975b8f226a4af4d5a064f2fadfe78b8

SHA1
30e8c1421393a40cbb81f2144922df154f357f42

SHA256
15d3933cbb70c8ca84c5bf6a52eaf84b94d00a46b662e7da93dddf3b3408d114

SHA512
e96d98634b71c60582b182a2e3893b8459eb2e5caaa1692b8f4e0ec191cbfd4676f72653a67a1cd2ddfeef760b59eaaea94a2c8def1f93bf20fa0d89093dd66e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe

Filesize
184KB

MD5
56bf616f86f8af27c360e6e6f7ab0a70

SHA1
2e6be2535162a542b9e5b0fcdc3cb28a4335b977

SHA256
92560f6a165e56716f5b3357f83ed3ae7cc372a860d344653bb5e98bf581c3a8

SHA512
54796972bd8622b5adad302c15b2718a9ba5f249cd0117a0c8e8ee061ea04940ed78dea4d7b11c44169d874f5302ddce7c1e3241c80e8780e62e20360c309bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe

Filesize
184KB

MD5
bb4838cfdb9a3db9a2d651fe3c93eaa8

SHA1
50be5ef13d93d8188e9a8eda894bf923716cda64

SHA256
8adc9b7a8b86e3018cb5b46ad92c15b309bef47de0d639447ab5b2acb59a261f

SHA512
8a8f888298d613dfa89175a568fc2c6fa9d4b83289430c10733b691ce43453a4625b150818ef1c0e1dc18a90fce4249ddbb56c6188a78202453070e5ea6b0153

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe

Filesize
184KB

MD5
ece416be32522e5c1383f035f2b6c54f

SHA1
d24d0e5aa7f4edaec6ec86726e6912ae832595b9

SHA256
0f0d570f86dceca0104a6f7ba110e19e139edbd009fa49488598f12b15f40603

SHA512
eb101d33d2cc3ffd3716d9bd8c9be7c18fe47ad248396b37cb4ecbb92f64fb7ec214519401cf13d5b35e4cbebfd98940f650f7863aaa68b842879ec68960854c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40018.exe

Filesize
184KB

MD5
b247a16981e16f0e1f5b9a645ff6d70e

SHA1
d7b01c5f9edee074a2a00baa01acfe10f4ab19bc

SHA256
f089edf4f4ba6c0e81ef8ab27aaf186582220c24b2af3bef544888075c9f6bcd

SHA512
c65a66a8c4180be4dc08502ddb482d86262076c7692b247addf88224b5a878acb638f8d63cec2f043b2f0a156daba285c565b14cd676e0206b3622c51d82f7eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe

Filesize
184KB

MD5
9509bf5422fc627a8b0af2a1b8acfc2a

SHA1
826464e75328abaee72205b52b1b09be03dbfa5f

SHA256
609e06a53ea46c2fe65bf109d919b6f3c6a0e58ed40f27ae4fed0fa987a72826

SHA512
49bfd5235082c5453cbd51e3185b71435fc720459aa5ef93ce679cd1648a07d19f141dfa869b1492439cf51a1cd80b2af7cf0072025cd14a1609f43f2e4c27a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe

Filesize
184KB

MD5
f4219d20b2c1d7194609089426cd5e5f

SHA1
887ae041a0e4275cc8be7cbef749185e5649a251

SHA256
1bfc1d3d4a3863acf62c3f0a445a7436628cc0fc70bcb3ef1fa9e54dd8506800

SHA512
a5c4e4c3fca3b7a62c64e2d2df46bde037624d6657dbaa8ec63588d816e787b9a9f237e49bbde67f0440e01b60fa254e4c94c77b5184ca6c0b42fd1b6f9c2513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe

Filesize
184KB

MD5
1d9044604ab8345a40211b77c52d0514

SHA1
8338d87ecd1d6c9fd8782c450c1c30fedbf89410

SHA256
aedb924bc9f62a049c253a258efd31d72ea0be9a9571fadfdfa29277c787b57c

SHA512
c9ccf39f9d1b80451f9e30b1458485c54c010bf343fb1b3dc90855f38946bed886a9a210a1f69e7b0dc0917c2d0cb805ceef26a83af5cf6eec34ac6511f53c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe

Filesize
184KB

MD5
076df5603b8dcc8119965ed1bc7173e0

SHA1
f3439aae86f62965a72e1be187588fe667bfa379

SHA256
95c92d46814af9614b2917d01db8edf73eea343ed8058fd375e56202fad0521f

SHA512
1bd4924702a2dd1f518dd201fcedbac5ccc3517fd48257bbd821d370ea41628f256c7dbea45a85803405a0ebb92d3ab78f3df67dd14b94c302cf59449341ca0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe

Filesize
184KB

MD5
6bbd206cb74d112a0c806339ce2bb579

SHA1
0d6140966c39fd12b9610ae655b9af497c57ee10

SHA256
2498767fe6c180c46220586e97f2112cc5db94fd44de0b74466848255346ad0a

SHA512
13498a48f34a4b323a603fb79b5b7c8ae94bfc8bf98395d5318cb41ef755f9b45df009d4cbf4bbea2796e2ac5af43f5b7b1366921f8a1ec6e0a8a50890cad9e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe

Filesize
184KB

MD5
a4a8b2d0c3c6f613912c1a7785d1e46e

SHA1
bcc6ba703fcdd0a952851e21bab4aaddfa25fa55

SHA256
a60db8b81cfed1edae136f581d7f0323a03b5e4c1e955086984c8762f7f44444

SHA512
d38628e4f57a80f0755166086bb597acf802aec3bebd036bd60cc466e449596698d2a48b20cf22903476d9646db56bbdc6863dc3678179e16741b9b257cf6eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59446.exe

Filesize
184KB

MD5
09d111dfbd645570a7890bdb778be397

SHA1
d647ecc51f2c386edcd724d74f1e1e3bfbe2ef5c

SHA256
ba85e7fd4099ae00bc27c25da1d2950aa2d26d421d9c2885242939decc749a12

SHA512
dbdeb11d9399978d159afd234b4342b62588a9bdee58512c6ac4e3c02c127a893a74202c36ea74ee2bce006e6b920621c45c39f41d16bcb4f37fe4b68a161b54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe

Filesize
184KB

MD5
c05a1b2e18ff826d2891b6d79d71aed2

SHA1
b92070b3c74fc3a7d6d2a02cbe051b0b5c3dbbab

SHA256
ef12af5bbfc6fa3deca6c79c92424b26c897e0818d1da45a70520cc8c85c9c02

SHA512
c9750955233885bb65f3189b0aee8d4158d30921d1bd3045a5f0d34c53a6888a32d9acc3234ae90078255f137f30e5c08333e6da7423165497dc550fd40799d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe

Filesize
184KB

MD5
c47aa50d9fdbf92f914da20e511b76ee

SHA1
fd1a5eb832dcefcbd9b763593549bf51728b8b4c

SHA256
0f80559cd540bf5d25b89599dec63487583ab320fb3d98dfc5f8ecfc4cbf99d8

SHA512
782447509d0f981d7c7ad7c97a5adc6a06a5f78bab0f9732e079c919debd30588083f7af784d455e64475787c97f07f70a1f1cd89f91426668701776347c4739

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe

Filesize
184KB

MD5
66a58a77a4bff1bf4efe1ffc377b9d0a

SHA1
58d4b25662fdd102f39406e7916ecb45157b9813

SHA256
53c33d10d9f8d8c4eb702d343fac10f5e471c0f161661c3c24a3eb4c5e25eb25

SHA512
b91890379ecd3751c42899f8d737a53c137fb39d5cb6ac728d917c4b8db3fe60b5665dcea7a190a1d48309efaee739bba8a62da19d5a8cb778576a672285e700

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe

Filesize
184KB

MD5
1af23277b34633c40e43314fb9610676

SHA1
4b41628951991df5753aa1dc14adf43138f81e78

SHA256
66b0a84182cd00c789859150a6feb3fec08d4ae44eefa70096284b87da990714

SHA512
e3a2f469861cdfe08fc0c2cca26c8e36c7760ea0b531fb04b084743d747ac60fe5b754de5896e70f51dae1220b3d71602ca044b0542d4262af31f91a20fc0134

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe

Filesize
184KB

MD5
08e10ce57cd2f8c07ac690c9be717bed

SHA1
b8f426f48542d286720b077afa508d25236d352b

SHA256
592e1650a09476f44e7b09e8e4296a2efb7341353f9840b12fbf24b853b654f2

SHA512
4117b51829892d9f5e3e5e010cee2ec8cf5358de773ba0bec88a70623ae1f07ff21c7406945b41f20295444b9041877e7376eeed68546d600e8e76a17f27ec38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe

Filesize
184KB

MD5
944052330175566c2eee2aaa28528ed1

SHA1
b0d7211068f635cc9b841394b5210e13405be63e

SHA256
e8e08e7d8a3e33a0d9edcd93646c1ae3df2991c3bccf2d112d7c114ed77d43e9

SHA512
fff732d5823d6247ba298625c0bab5f859def473db0c575a90182652f993db00abfcfc7cdc4eb082d81a40522e249bdca9f269ecb5f6c957d702e962ffb45163

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe

Filesize
184KB

MD5
84c7bf63a3000b6fcf0bcf2624d843c5

SHA1
4e357fad3a4638e72ace9ec420fcd9fe2557a543

SHA256
449cd18b4f83d79e0ae0fa95933dc798783d87853ece8ef80d85d91b04afb199

SHA512
db591e279198a74cc86a1bc9c7ac0b8854d26b51e288d58e46b090763e6ca9d6d6517bddda7baf7e48c48273bdea880e3f1b5b6685c669af3847af5b30e6b746

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe

Filesize
184KB

MD5
4618428e2e3757239b7c4011b3438c50

SHA1
a32315760266705bd37191d5de52a8f4bf956020

SHA256
3b81efea33c5f444e1cd1eace6f05dae30b0db1ebd2aa439913bfdab21754dd2

SHA512
537bc34528455f87dabbf77ce639367bfabbd6a63665678eda5b3aa8e1ea65ee05b5dcc1f2f785cb1e1285dcc3be5d8877799518e8fb7ef1ef24d2fe29d9c7ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31219.exe

Filesize
184KB

MD5
8691d756ae67b69ffcf5035527434464

SHA1
4806949786cb695f676ef2048dfa7c4cb3762791

SHA256
445a99f50a0fb17d147b61ea5f6071aaba0b75741293a46bffa889ac5fca21fb

SHA512
5d9776fccc8fbd37bafd374afb752c8989ab5b8ba1c6df2c753d7f8192d2be5abcbc7d4bfe0fe5f347cb4e697924d28f70be098ab88ec2e83662c060f037dd99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe

Filesize
184KB

MD5
94ce4ee00f3b64e19386cb19b5741796

SHA1
35fe749483d7c6db8d2197cc36691b9f73e2e638

SHA256
732e2bb83056da4d37c603abd8c135a0ae4fb464b022f1f0b9cac6cf9da9d7d8

SHA512
9e9bbc62559c14cf4fcf74c9a33d83e5fad3efeb794cbbfce9d5559f2003243d8d4c1eae6f7a8af1a3d2ad004ddf054d109bfe11631bf61232fbcf7663e5ef09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe

Filesize
184KB

MD5
b1d8678661c71d576e551d61bf7e3c12

SHA1
3083a6df6ad7d14a194fa6c4ad6275ea1181e63d

SHA256
a09726d391749c49b9a133d227e424ab0b859310c81ddf5c27922b483e24fd2c

SHA512
73ecae1e5c28915d371bbc5fdb477cb163379b2a2c8506e68e6f8d563ee007766c67c8b3dd3f6cfbd80a09f046e17c703289663e43994ad8c7f2f2025f5952af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe

Filesize
184KB

MD5
7059baaeadf3ee381a6e65247ddae178

SHA1
7866e19ff0f173f5cd21923996415c0fb432044c

SHA256
feddcac1775d98d0caf919cfa28fbfdc474726a0faf1f7320f87b0280cc5a049

SHA512
ee342e9e0991bd58e93e07101f243557098aef944dc38e6a19543a7c2ce38a191ba4ebae3afdb127545ac91ffcf5561d3c89d28e37b358e5e809e290671f68ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads