1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
Size

184KB
MD5

7c18b6d45226cd5de14257cd0f7c6a5d
SHA1

f1e64af6b44ace6b30cd7e4edf77cfd1fad0acf7
SHA256

1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484
SHA512

012fc23cdf7aad4cc3d8177b5c26ed60f4153bbf9a76c83579c1d1cc30e1debf1789528dd2f05302f888cc9446934c5afcc5ed59c2cd7acbd21a6f5deb93ed89
SSDEEP

1536:x7S/6GZAuc+goPx1zF1AlqwFHjIyvZclumdHxqLi2VzYBZlshj5Vizpvz:ZdUc+goZlF1DEH8WepqLiKYBZl6niFL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2860	Unicorn-52596.exe
3024	Unicorn-19971.exe
2636	Unicorn-105.exe
2604	Unicorn-30914.exe
2512	Unicorn-50780.exe
2496	Unicorn-33375.exe
1896	Unicorn-2731.exe
2808	Unicorn-52487.exe
2828	Unicorn-27236.exe
272	Unicorn-62046.exe
1976	Unicorn-46265.exe
1672	Unicorn-45793.exe
1120	Unicorn-48486.exe
2192	Unicorn-31403.exe
2196	Unicorn-23235.exe
1504	Unicorn-38179.exe
672	Unicorn-44423.exe
588	Unicorn-59368.exe
1636	Unicorn-13696.exe
1284	Unicorn-28471.exe
1748	Unicorn-63281.exe
944	Unicorn-12689.exe
2864	Unicorn-59197.exe
1244	Unicorn-25709.exe
2220	Unicorn-49659.exe
2088	Unicorn-56436.exe
568	Unicorn-31185.exe
1832	Unicorn-35269.exe
1864	Unicorn-3151.exe
3004	Unicorn-23017.exe
2932	Unicorn-37961.exe
2676	Unicorn-30656.exe
2704	Unicorn-45601.exe
2756	Unicorn-51844.exe
2136	Unicorn-55928.exe
2752	Unicorn-5336.exe
2520	Unicorn-2643.exe
2536	Unicorn-37454.exe
2724	Unicorn-21672.exe
2780	Unicorn-33370.exe
1840	Unicorn-38008.exe
660	Unicorn-4589.exe
1992	Unicorn-19534.exe
2020	Unicorn-8673.exe
2140	Unicorn-7282.exe
280	Unicorn-61958.exe
1664	Unicorn-31786.exe
2056	Unicorn-20926.exe
2060	Unicorn-51652.exe
792	Unicorn-13032.exe
840	Unicorn-52482.exe
1708	Unicorn-53873.exe
2928	Unicorn-47651.exe
2420	Unicorn-62596.exe
1064	Unicorn-6618.exe
2424	Unicorn-9311.exe
1580	Unicorn-29177.exe
2700	Unicorn-44122.exe
2716	Unicorn-13395.exe
2532	Unicorn-53681.exe
2484	Unicorn-57765.exe
2952	Unicorn-35975.exe
2672	Unicorn-5248.exe
2844	Unicorn-55004.exe

Loads dropped DLL 64 IoCs

pid	Process
1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
2860	Unicorn-52596.exe
2860	Unicorn-52596.exe
1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
3024	Unicorn-19971.exe
2860	Unicorn-52596.exe
2860	Unicorn-52596.exe
3024	Unicorn-19971.exe
2636	Unicorn-105.exe
2636	Unicorn-105.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2512	Unicorn-50780.exe
2512	Unicorn-50780.exe
2636	Unicorn-105.exe
2636	Unicorn-105.exe
2604	Unicorn-30914.exe
2604	Unicorn-30914.exe
2496	Unicorn-33375.exe
2496	Unicorn-33375.exe
3024	Unicorn-19971.exe
3024	Unicorn-19971.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
284	WerFault.exe
2044	WerFault.exe
284	WerFault.exe
1896	Unicorn-2731.exe
1896	Unicorn-2731.exe
2512	Unicorn-50780.exe
2512	Unicorn-50780.exe
2808	Unicorn-52487.exe
2808	Unicorn-52487.exe
2828	Unicorn-27236.exe
2828	Unicorn-27236.exe
2604	Unicorn-30914.exe
2604	Unicorn-30914.exe
1976	Unicorn-46265.exe
1976	Unicorn-46265.exe
2496	Unicorn-33375.exe
2496	Unicorn-33375.exe
272	Unicorn-62046.exe
272	Unicorn-62046.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2460	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
1084	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2684	1200	WerFault.exe	27
2608	2860	WerFault.exe	28
2044	3024	WerFault.exe	29
284	2636	WerFault.exe	30
2460	2512	WerFault.exe	34
2204	2604	WerFault.exe	33
1084	2496	WerFault.exe	32
1400	1896	WerFault.exe	36
2572	2808	WerFault.exe	37
1028	2828	WerFault.exe	38
2616	272	WerFault.exe	39
2580	1976	WerFault.exe	40
532	1120	WerFault.exe	44
700	1672	WerFault.exe	43
640	2192	WerFault.exe	45
2528	2196	WerFault.exe	46
632	1504	WerFault.exe	47
2328	672	WerFault.exe	48
2040	1636	WerFault.exe	50
1536	588	WerFault.exe	49
2164	1284	WerFault.exe	54
2764	944	WerFault.exe	56
2648	1748	WerFault.exe	55
2500	1244	WerFault.exe	58
2980	2220	WerFault.exe	59
1044	2864	WerFault.exe	57
2804	568	WerFault.exe	61
1888	1832	WerFault.exe	62
2180	2088	WerFault.exe	60
2308	2932	WerFault.exe	65
2072	3004	WerFault.exe	64
1100	1864	WerFault.exe	63
1712	2676	WerFault.exe	69
2692	2704	WerFault.exe	72
3124	2756	WerFault.exe	73
3172	2136	WerFault.exe	74
3184	2520	WerFault.exe	76
3216	2536	WerFault.exe	77
3240	2724	WerFault.exe	78
3272	1840	WerFault.exe	80
3304	2060	WerFault.exe	89
3312	1992	WerFault.exe	82
3296	1584	WerFault.exe	86
3328	660	WerFault.exe	81
3368	280	WerFault.exe	85
3376	2056	WerFault.exe	88
3384	2752	WerFault.exe	75
3400	1664	WerFault.exe	87
3392	2020	WerFault.exe	83
3432	2140	WerFault.exe	84
3788	2380	WerFault.exe	148
3796	2280	WerFault.exe	149
3884	2780	WerFault.exe	79
4012	792	WerFault.exe	98
3656	2928	WerFault.exe	101
4044	548	WerFault.exe	114
4064	2672	WerFault.exe	111
4084	484	WerFault.exe	121
3352	1592	WerFault.exe	122
3624	2892	WerFault.exe	120
3868	2300	WerFault.exe	116
3856	1708	WerFault.exe	100
3204	840	WerFault.exe	99
3696	2420	WerFault.exe	102

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
2860	Unicorn-52596.exe
3024	Unicorn-19971.exe
2636	Unicorn-105.exe
2512	Unicorn-50780.exe
2604	Unicorn-30914.exe
2496	Unicorn-33375.exe
1896	Unicorn-2731.exe
2808	Unicorn-52487.exe
2828	Unicorn-27236.exe
272	Unicorn-62046.exe
1976	Unicorn-46265.exe
1672	Unicorn-45793.exe
1120	Unicorn-48486.exe
2192	Unicorn-31403.exe
2196	Unicorn-23235.exe
1504	Unicorn-38179.exe
672	Unicorn-44423.exe
588	Unicorn-59368.exe
1636	Unicorn-13696.exe
1284	Unicorn-28471.exe
1748	Unicorn-63281.exe
944	Unicorn-12689.exe
1244	Unicorn-25709.exe
2864	Unicorn-59197.exe
2220	Unicorn-49659.exe
2088	Unicorn-56436.exe
568	Unicorn-31185.exe
1832	Unicorn-35269.exe
1864	Unicorn-3151.exe
3004	Unicorn-23017.exe
2676	Unicorn-30656.exe
2704	Unicorn-45601.exe
2756	Unicorn-51844.exe
2136	Unicorn-55928.exe
2752	Unicorn-5336.exe
2520	Unicorn-2643.exe
2536	Unicorn-37454.exe
2724	Unicorn-21672.exe
2780	Unicorn-33370.exe
1840	Unicorn-38008.exe
2020	Unicorn-8673.exe
660	Unicorn-4589.exe
1992	Unicorn-19534.exe
2140	Unicorn-7282.exe
280	Unicorn-61958.exe
1584	Unicorn-31232.exe
1664	Unicorn-31786.exe
2060	Unicorn-51652.exe
2056	Unicorn-20926.exe
792	Unicorn-13032.exe
840	Unicorn-52482.exe
1708	Unicorn-53873.exe
2928	Unicorn-47651.exe
2420	Unicorn-62596.exe
1064	Unicorn-6618.exe
2716	Unicorn-13395.exe
2424	Unicorn-9311.exe
2700	Unicorn-44122.exe
1580	Unicorn-29177.exe
2484	Unicorn-57765.exe
2532	Unicorn-53681.exe
2952	Unicorn-35975.exe
2672	Unicorn-5248.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2860	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	28
PID 1200 wrote to memory of 2860	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	28
PID 1200 wrote to memory of 2860	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	28
PID 1200 wrote to memory of 2860	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	28
PID 2860 wrote to memory of 3024	2860	Unicorn-52596.exe	29
PID 2860 wrote to memory of 3024	2860	Unicorn-52596.exe	29
PID 2860 wrote to memory of 3024	2860	Unicorn-52596.exe	29
PID 2860 wrote to memory of 3024	2860	Unicorn-52596.exe	29
PID 1200 wrote to memory of 2636	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	30
PID 1200 wrote to memory of 2636	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	30
PID 1200 wrote to memory of 2636	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	30
PID 1200 wrote to memory of 2636	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	30
PID 1200 wrote to memory of 2684	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	31
PID 1200 wrote to memory of 2684	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	31
PID 1200 wrote to memory of 2684	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	31
PID 1200 wrote to memory of 2684	1200	1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe	31
PID 2860 wrote to memory of 2604	2860	Unicorn-52596.exe	33
PID 2860 wrote to memory of 2604	2860	Unicorn-52596.exe	33
PID 2860 wrote to memory of 2604	2860	Unicorn-52596.exe	33
PID 2860 wrote to memory of 2604	2860	Unicorn-52596.exe	33
PID 3024 wrote to memory of 2496	3024	Unicorn-19971.exe	32
PID 3024 wrote to memory of 2496	3024	Unicorn-19971.exe	32
PID 3024 wrote to memory of 2496	3024	Unicorn-19971.exe	32
PID 3024 wrote to memory of 2496	3024	Unicorn-19971.exe	32
PID 2636 wrote to memory of 2512	2636	Unicorn-105.exe	34
PID 2636 wrote to memory of 2512	2636	Unicorn-105.exe	34
PID 2636 wrote to memory of 2512	2636	Unicorn-105.exe	34
PID 2636 wrote to memory of 2512	2636	Unicorn-105.exe	34
PID 2860 wrote to memory of 2608	2860	Unicorn-52596.exe	35
PID 2860 wrote to memory of 2608	2860	Unicorn-52596.exe	35
PID 2860 wrote to memory of 2608	2860	Unicorn-52596.exe	35
PID 2860 wrote to memory of 2608	2860	Unicorn-52596.exe	35
PID 2512 wrote to memory of 1896	2512	Unicorn-50780.exe	36
PID 2512 wrote to memory of 1896	2512	Unicorn-50780.exe	36
PID 2512 wrote to memory of 1896	2512	Unicorn-50780.exe	36
PID 2512 wrote to memory of 1896	2512	Unicorn-50780.exe	36
PID 2636 wrote to memory of 2808	2636	Unicorn-105.exe	37
PID 2636 wrote to memory of 2808	2636	Unicorn-105.exe	37
PID 2636 wrote to memory of 2808	2636	Unicorn-105.exe	37
PID 2636 wrote to memory of 2808	2636	Unicorn-105.exe	37
PID 2604 wrote to memory of 2828	2604	Unicorn-30914.exe	38
PID 2604 wrote to memory of 2828	2604	Unicorn-30914.exe	38
PID 2604 wrote to memory of 2828	2604	Unicorn-30914.exe	38
PID 2604 wrote to memory of 2828	2604	Unicorn-30914.exe	38
PID 2496 wrote to memory of 272	2496	Unicorn-33375.exe	39
PID 2496 wrote to memory of 272	2496	Unicorn-33375.exe	39
PID 2496 wrote to memory of 272	2496	Unicorn-33375.exe	39
PID 2496 wrote to memory of 272	2496	Unicorn-33375.exe	39
PID 3024 wrote to memory of 1976	3024	Unicorn-19971.exe	40
PID 3024 wrote to memory of 1976	3024	Unicorn-19971.exe	40
PID 3024 wrote to memory of 1976	3024	Unicorn-19971.exe	40
PID 3024 wrote to memory of 1976	3024	Unicorn-19971.exe	40
PID 3024 wrote to memory of 2044	3024	Unicorn-19971.exe	41
PID 3024 wrote to memory of 2044	3024	Unicorn-19971.exe	41
PID 3024 wrote to memory of 2044	3024	Unicorn-19971.exe	41
PID 3024 wrote to memory of 2044	3024	Unicorn-19971.exe	41
PID 2636 wrote to memory of 284	2636	Unicorn-105.exe	42
PID 2636 wrote to memory of 284	2636	Unicorn-105.exe	42
PID 2636 wrote to memory of 284	2636	Unicorn-105.exe	42
PID 2636 wrote to memory of 284	2636	Unicorn-105.exe	42
PID 1896 wrote to memory of 1672	1896	Unicorn-2731.exe	43
PID 1896 wrote to memory of 1672	1896	Unicorn-2731.exe	43
PID 1896 wrote to memory of 1672	1896	Unicorn-2731.exe	43
PID 1896 wrote to memory of 1672	1896	Unicorn-2731.exe	43

C:\Users\Admin\AppData\Local\Temp\1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe
"C:\Users\Admin\AppData\Local\Temp\1e4f77ad439573222c077d129dd87113cade01979f2882432b30b9ca8bec0484.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51652.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        11⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 220
        12⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        11⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 216
        10⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
        11⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        12⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        13⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
        14⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 216
        14⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        13⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        12⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        11⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
        10⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        9⤵
        Program crash
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32445.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62181.exe
        10⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21253.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40573.exe
        12⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        13⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        14⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 236
        14⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        13⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        12⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        10⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
        9⤵
        Program crash
        
        PID:3868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        8⤵
        Program crash
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25669.exe
        8⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 224
        9⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 248
        8⤵
        Program crash
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        7⤵
        Program crash
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
        6⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        8⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 244
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        8⤵
        Program crash
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 248
        7⤵
        Program crash
        
        PID:2308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
        6⤵
        Program crash
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 244
        6⤵
        Program crash
        
        PID:1536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        8⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        9⤵
        Program crash
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        8⤵
        Program crash
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        11⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26697.exe
        12⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        13⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        14⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
        14⤵
        
        PID:13336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        13⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        12⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38954.exe
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10744.exe
        11⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        12⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        13⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 220
        13⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        11⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
        8⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        7⤵
        Program crash
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        7⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        8⤵
        Program crash
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        6⤵
        Program crash
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
        11⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        12⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59045.exe
        13⤵
        
        PID:11472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        14⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 236
        13⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        11⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25403.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43427.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29883.exe
        10⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        11⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        12⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 236
        12⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        11⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        9⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        8⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        7⤵
        Program crash
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36529.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        7⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 224
        8⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        7⤵
        Program crash
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        6⤵
        Program crash
        
        PID:1100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        5⤵
        Program crash
        
        PID:2580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29177.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        11⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
        12⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        13⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        14⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
        15⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
        15⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        14⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        13⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18840.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63759.exe
        11⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3837.exe
        12⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        13⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        14⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
        14⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 220
        13⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        12⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        11⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59104.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        11⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        12⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30039.exe
        13⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3778.exe
        14⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
        14⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        13⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        12⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
        11⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        9⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        12⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        13⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        14⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
        14⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
        13⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        12⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        10⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        11⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        12⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        13⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 216
        13⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        11⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        8⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        7⤵
        Program crash
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38440.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        11⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56105.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
        13⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
        13⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        11⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        8⤵
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 224
        9⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        7⤵
        Program crash
        
        PID:3240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        6⤵
        Program crash
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56395.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4060.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 224
        13⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 220
        11⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18451.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        11⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 224
        13⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        9⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        11⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        12⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 220
        13⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        12⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        8⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
        7⤵
        Program crash
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        6⤵
        
        PID:484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 244
        7⤵
        Program crash
        
        PID:4084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:2180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        5⤵
        Program crash
        
        PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        11⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        12⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9232.exe
        13⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 216
        13⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        11⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
        7⤵
        Program crash
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13883.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56525.exe
        10⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56624.exe
        11⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        12⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 236
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
        11⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
        9⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 236
        9⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        8⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        7⤵
        
        PID:5796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        6⤵
        Program crash
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27807.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9799.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30703.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        11⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5342.exe
        12⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 224
        13⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        12⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        11⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
        9⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        10⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        11⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        12⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 220
        12⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        11⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        10⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        9⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        7⤵
        
        PID:4796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        6⤵
        Program crash
        
        PID:3312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        5⤵
        Program crash
        
        PID:632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2204
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14459.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27418.exe
        11⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        12⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        13⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        14⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        15⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        15⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 236
        14⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        13⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        12⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        11⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38300.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
        12⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
        13⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3202.exe
        14⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
        14⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
        13⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        12⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
        11⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11081.exe
        10⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13551.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 224
        13⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 236
        12⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        11⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 220
        8⤵
        Program crash
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29364.exe
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        11⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        12⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        13⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48703.exe
        14⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
        14⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        13⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        12⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        10⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7905.exe
        10⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
        11⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        12⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        13⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 220
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
        12⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        7⤵
        Program crash
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21964.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        12⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 220
        13⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        12⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        10⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        10⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
        13⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49249.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4906.exe
        11⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24476.exe
        12⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        13⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 236
        12⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 220
        11⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 236
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        8⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        7⤵
        Program crash
        
        PID:3384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        6⤵
        Program crash
        
        PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
        11⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        12⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        13⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
        14⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
        13⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
        11⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 236
        13⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 236
        12⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        11⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        12⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        13⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
        13⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        11⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        7⤵
        Program crash
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30329.exe
        7⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14651.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9467.exe
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        11⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        12⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        13⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
        13⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29596.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29888.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        10⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
        11⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
        12⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
        12⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        11⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        10⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        8⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        6⤵
        Program crash
        
        PID:2764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        5⤵
        Program crash
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26711.exe
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62560.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        12⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        13⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28044.exe
        14⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
        14⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        13⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        12⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
        11⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        10⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
        11⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18415.exe
        12⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        13⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 236
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
        12⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        10⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        11⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
        12⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43936.exe
        13⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        14⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
        14⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 220
        13⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        12⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        9⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        8⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        11⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        12⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        13⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        12⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58855.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
        11⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
        12⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        11⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 236
        10⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
        8⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        11⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        12⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        13⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
        13⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 236
        12⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 236
        11⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
        9⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        8⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 224
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:3204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        6⤵
        Program crash
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        7⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 244
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63562.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5150.exe
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 224
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        10⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        9⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        7⤵
        Program crash
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 224
        12⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        10⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        8⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        7⤵
        
        PID:4268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        6⤵
        Program crash
        
        PID:2692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        5⤵
        Program crash
        
        PID:532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 224
        8⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2186.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37293.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        10⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14034.exe
        11⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        12⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        13⤵
        
        PID:13460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
        12⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        11⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        6⤵
        Executes dropped EXE
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40111.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        10⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19300.exe
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
        12⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 236
        10⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
        9⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47423.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        10⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        11⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 220
        12⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 236
        10⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        9⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        8⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
        7⤵
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Program crash
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54029.exe
        10⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
        11⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        12⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        13⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
        13⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57158.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2690.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        10⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        11⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4053.exe
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 220
        12⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        10⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        9⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 220
        7⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
        7⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 224
        8⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        7⤵
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        6⤵
        Program crash
        
        PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Program crash
        
        PID:640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        6⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
        10⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        11⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
        12⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        10⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        9⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        8⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 216
        7⤵
        
        PID:4356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        6⤵
        Program crash
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        9⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43801.exe
        10⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65233.exe
        11⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        12⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 236
        10⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        9⤵
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        8⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        7⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
        8⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        9⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
        10⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
        11⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
        11⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        10⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 220
        9⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
        8⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        7⤵
        
        PID:6296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 220
        6⤵
        
        PID:5012
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        5⤵
        Program crash
        
        PID:2500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
      4⤵
      Program crash
      PID:2572
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe

Filesize
184KB

MD5
a5153f0a90ad201d83ba5db38598b045

SHA1
2f44ee20158e20f8c2e813da406b2f7ec050cd43

SHA256
a0b483f745934ac06023c95281d7b336f54bf2a4894e11ccb610c2c466d332f9

SHA512
870dcc0ef087ed4a9d7d8124adacd3defff217a39658d65fbab970e35e525f329dfac50a8c99ada52242d14ee9e654e6f331383ba57ec7943cf4c2d07eec8e93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe

Filesize
184KB

MD5
221f312b7e1fb2395191fc2ad70d81d3

SHA1
26ad14505e1c3b8f5b4d9bd3644dfe11bd70c844

SHA256
52d0e637c5f136fae282d8d859cfb95d8163e097ad6ea49eaa206304e470bfc9

SHA512
c04efcb7e31baabd5cd2256924d2684162857f36e49f3dd881a00fdf2ca0ecd2457ace66491e29795b1fc5971e1a9ed9715bb936db24150c564d1a4827a33368

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe

Filesize
184KB

MD5
86c2193af5bd861a09c5972542437ce9

SHA1
e83a93f16f411633193c2c3bbd9034d7a9bff282

SHA256
d5123525f12efc8e1c3048fd79680a1366a086617c73e10f97ff12ce39991b70

SHA512
96e51a78c57d8c887ed7a830bf05c97af4767d65e170553f28a5402bb60dcb1758608452b051fad555715cf1db59d6fdf5a1178dae9a5b38f0cce327d0753824

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe

Filesize
184KB

MD5
91c120085580be36c996498f6f8aca1d

SHA1
8e20d104638dd35979fd201aceec625e0ea86a16

SHA256
4ca7b924227dae86071f23ab9f860c4ed02a3352e8ba047d249bb44a5c38d319

SHA512
ec49a6501c42246104be2236ce924f36e2a77bae7d90dc8eb5fc0f4807c37b4c23f596925c5174a7a43229fa051a987684a8a8f73945dbb47418bf27ba809681

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe

Filesize
184KB

MD5
ab4f38baeba21af7f1eea8773ee6c817

SHA1
cb4de1bfb05259975ba8d9106d2989894551e38f

SHA256
934df1af8ebd44be2be02e5ba96780595f517a0254a833e61fb4e25529e10511

SHA512
cf19ca5326e321407364ab35b38e7a783e9c2e8dacec910ae6709742533a87d2ca5a554e81b8f24f274f5042354098e3a1ea6c42041d437e7462d73d8c386ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe

Filesize
184KB

MD5
07e6ea9ceacf1f3e0ec777c890d368a9

SHA1
ad0c9b07c5b55c7c8bd0c9b58365140afa32bbe1

SHA256
d83f0685a7eb7ce37aad11f7a6315ece111046f9be2f7404498952e8c46447a8

SHA512
631a1a7985fae7264d257b84aad45211d45540c0a55fadc78cec258c29773c09858bd65e55ddcc41209023cc80e907d1b4dd03c66a34c019191eb5d95634f585

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe

Filesize
184KB

MD5
1a7538845d8118112984600e7b96e471

SHA1
c3fbaecc8c8f39ca207d07d4f3009e4c69c07b1c

SHA256
7330a17212d57b00e5a49348c6dc676a5f30f3bd6bde9b19d107ba5a807a5d56

SHA512
f7ceb49b6d7b2f5f4350ceaa44a09289870bb1c17a67beb8e20c85c074b762755ee681c3030a07d02573b02cc45ca33bb2e2a56fbd0a82727bff0e90f685c5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe

Filesize
184KB

MD5
eb4afbcf735f2753d3342b7764ab56b7

SHA1
2f4036b8e92f20a1045fb7a10615caefc9312790

SHA256
3eff0ec3c8c146744ad1f3344b4d4790e9877e3d8031c85abb0c2d5340f88afd

SHA512
1ab9471c1863714217e9e77d18dffba2acbb5e45dd1e7345b2b51ce4f0842e3c494d166f1b8dbe45d77914a6a62fb58607853ef97c41ee8fbd9e1b93259d29f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6618.exe

Filesize
184KB

MD5
5e57b2c2178f4e5bc25ce3ac09b3cdab

SHA1
ef91b4fba8bb960630e52533868b167945edf9d4

SHA256
fd94a8b9a7b9cda75ad5bc052570c85a0bce6aaa11bbe0420eb2543b817cff18

SHA512
a7ee19b690351683dd41c5ee67feaa6898dfca75ec29bcd0d6f2450bfed7de5ac626003aafb3d714d255822369a2e483397c5b10ef1485fae74282ba1878844d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe

Filesize
184KB

MD5
6c5e64221f23eba3c92d1dbac2060db1

SHA1
c1f9073965eb3e42a2721fe971b99a654b6a02ef

SHA256
1c5a517f04d9a6691c02a39c087364a48d84d218ab5c835a943ad0bd3d777dc4

SHA512
cedbff9efc37aea001ea05c539f4a3f3bead2dc3df9ce9c7809a27474b1927b576f88f2a8d8c83ad286345efc02367bb6eb68d1b23030b560c139e6d3e847d87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe

Filesize
184KB

MD5
7fb84e06012212a6d0dcac77eff01303

SHA1
c9e936e0edb8dbc35ce74a194d1db4fd3c767813

SHA256
72f4d1f7c85ea0f3e1cbf8f42c37b76831f18ee539971c4361bf055804385790

SHA512
51229186e8223b5e4098c397cbd2c0bd3b7d91ce095713523cd41b22506715e5c716f73467f2b0eac061a815ff9dc3856fd30b1a1eb213a526cc60612c2a65f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe

Filesize
184KB

MD5
ba2ec70626e3a1fde788962dc1d5d017

SHA1
31564455d1742c43f2034a2960bbdcbf1bb78c43

SHA256
f3858c967f6ca9fda3bdce3e48ad54cdd739a8a0b04c571ce6572e2f5a76b8e2

SHA512
0b85757734b86f58934ce061b1679ef0b973210dffd42e0c35b7fd0a028745908091fe8cf4167db4da33e500b903c2bd99f9ff350bd27594d03bc041bb401043

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe

Filesize
184KB

MD5
d9cff7a8eafdcaa16a3852e34b08be8b

SHA1
5a601f500be8c67926af3845a5293d8b6eef6aab

SHA256
01600cc07d4f2aeac0a555b7defbe889f8d2277daae4fc1612d43ca24b290534

SHA512
4a77c4bbe46bbf1da23357de583990cf0232667af129e52dcb075a74e44986965b3f330d269639c945c063fcf20a9fd859b43986b662a990e11274be2c3b5f2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe

Filesize
184KB

MD5
a1626824089cfc17a0a0380b6301d140

SHA1
03bbd5346f8118d8da919554fa4421466bc02952

SHA256
3412e28b0d0d030df3dcf9fbffc7fea7ae3107fe7560b6750fc209f59fcb779e

SHA512
122bca876a8aeaa86c92b05f92f09b2c7c989943b3cf83a6f0397f6021b850d17778d2b9a048fd22fd1a2cf95613cc0416c1e598553bc54d9014bd43042d8200

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33375.exe

Filesize
184KB

MD5
18dade5d4e47994e1e23dcec74db9713

SHA1
c570b0880fac77cb7f9c4e42ff3558adfb881a8a

SHA256
ae06f69de2843b39b446b6822b5d9095f31703fad17e01b4de6273938e0283aa

SHA512
f5658f575a760b7bd04538499669bf9937263a4a002d9265bec598dc6ec34bdc759e217d9f0733414068e823044b8501b8b2d41b45bc5ec31819d0db94a419e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe

Filesize
184KB

MD5
52c03a6171d56ef9d990c60063384c91

SHA1
9a9531aa0c8de8d01f3d544c6b2d97efe1e182ed

SHA256
b9f34c7c7642e5c3d9197d85efe06368be58cc6c44498165512909105f5aa98c

SHA512
625e56bf204a530989e5a2cfe11f8ab8ab48e66ef568e6554a7c27ab6012928330cae20f46fc456f8a139fa56b6d5a4b5aba11987bbf3a66474bb76f89130063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe

Filesize
184KB

MD5
f173f797f82258d99123ddc5e4469041

SHA1
0014f9dbfc50503e60b76b7cc5f1882eba46a3b7

SHA256
56dc802a2c36b8d21310445510bbaecc54c27747433c05cd266042d888823b68

SHA512
7297334bff3b1aa72124ee54186c75bdf8db72eaac16fce82d0238651c2d7eaffa4aa5d588b881d851b391a5eb51520d101527968ce2c7cde5a37d72cfae3179

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe

Filesize
184KB

MD5
ac711a8fe204a7a623538c1af95e1b88

SHA1
f3d329e0b4e1ea6cbaef06bdc5952219fc4cfbc8

SHA256
5531857416aef3b3273196501a8a9b6d808247ae63f4fb893033ec02d21cda25

SHA512
8df97cf03eace18d171a9d19acad285ae46e99d468ba99fd7b17ce4ec8ab85feb75010635239099d557ab3e2ac50c32533f50c5c0711a79a71b4dbb600c4ca29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe

Filesize
184KB

MD5
d8ed519c5f07a286dccc50c2cf0b573b

SHA1
2c42cda795d0d140b25608d0cbd616be01e1a101

SHA256
65a1d4088cca0a6878e497eb81a31a5da2b4124bf456eab9f47e827dc6dd3022

SHA512
84ff1a2c2e678ad0f3d364b8021b7278353baaa1661c2863f6b9fa0f994945ddf9600ef5a8d6e3ab6583269674c9814a76d20ae66f80b135a42ff8d2dff5a7b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe

Filesize
184KB

MD5
62addabc13f1f9550d5732661cf02ad2

SHA1
73f4cd7ebe77a505028aa6eb0958b56e52b4f3af

SHA256
ca542a35a9de62299ebe62fafdb6bebe68c542ac12a0fa574241999f5ee9aa86

SHA512
a6120934ca8c78417993ec18a6be7bd7e9fa1ea6c56358aa6ca2487e26bb7d1c0f0503ae208877ec7b2ab650542e87f9214c85bb86ebad60ba2d8b5194ac38f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe

Filesize
184KB

MD5
9a61ae19aa48fa6388e67d4d7865144d

SHA1
3b172a9300ff12b6d971ac07da6161ef3ac471c7

SHA256
a571399e4c2951bee1111272a96ad7d867ddd6cb299687bf5e689745e36389c9

SHA512
28a91cebb654136203e4f9324effd1533d67a8c571f5b74cc20d386171b10bf9f3bf023a364f0b32c0a33383a6fb58c76efb8c2f84a2c774164d6d37dfe0ce3a

Download Submit
memory/2932-815-0x0000000002820000-0x000000000297C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads