41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
02-06-2024 21:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
Size

184KB
MD5

d554fa86f85b5beceaa1bddb7af995b3
SHA1

59a2d29c9da16c4112633b98081840cfd061fbb3
SHA256

41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802
SHA512

2dce1f5b7f03414f87a1186d3fbe9dd1c79fba3362e3a548780c81328d6dc9f83dd0d58ad54ecbe67b6318bd6685af259014df87e63d005a02e3a8472e1c7fc1
SSDEEP

1536:UBb46jZ5YnZ4o5x7tRGUgvwMj+9yvBc86mddjgfLAkQ/tghl5hj5nizpvl:gXInZ4ofZRGhdjwW28gfLuVghlnViF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2252	Unicorn-29244.exe
2632	Unicorn-55969.exe
2756	Unicorn-36103.exe
2740	Unicorn-23188.exe
2676	Unicorn-48439.exe
2516	Unicorn-2767.exe
1564	Unicorn-28978.exe
1896	Unicorn-22202.exe
2220	Unicorn-22202.exe
1992	Unicorn-18118.exe
1804	Unicorn-10504.exe
1264	Unicorn-4578.exe
2792	Unicorn-46166.exe
1628	Unicorn-35305.exe
1848	Unicorn-35305.exe
2344	Unicorn-12746.exe
1232	Unicorn-58418.exe
484	Unicorn-8662.exe
772	Unicorn-23607.exe
1752	Unicorn-60048.exe
2084	Unicorn-39436.exe
676	Unicorn-20962.exe
1704	Unicorn-47604.exe
1756	Unicorn-62549.exe
1800	Unicorn-62549.exe
3052	Unicorn-7318.exe
2132	Unicorn-57910.exe
2232	Unicorn-50297.exe
1184	Unicorn-11402.exe
1904	Unicorn-4625.exe
2944	Unicorn-31268.exe
2388	Unicorn-26390.exe
2628	Unicorn-49503.exe
2820	Unicorn-48756.exe
2732	Unicorn-28890.exe
2508	Unicorn-24252.exe
2504	Unicorn-12554.exe
2560	Unicorn-19976.exe
2080	Unicorn-10416.exe
1900	Unicorn-56924.exe
804	Unicorn-38450.exe
1640	Unicorn-13753.exe
324	Unicorn-40396.exe
1920	Unicorn-55341.exe
2136	Unicorn-52648.exe
1620	Unicorn-21922.exe
1252	Unicorn-28698.exe
1696	Unicorn-17838.exe
2336	Unicorn-8278.exe
700	Unicorn-28419.exe
2468	Unicorn-43363.exe
1732	Unicorn-63229.exe
1276	Unicorn-42809.exe
916	Unicorn-55061.exe
2856	Unicorn-61838.exe
3028	Unicorn-30365.exe
3044	Unicorn-37141.exe
896	Unicorn-26281.exe
2184	Unicorn-34449.exe
2644	Unicorn-24889.exe
2524	Unicorn-48839.exe
2656	Unicorn-63037.exe
2496	Unicorn-43171.exe
1616	Unicorn-39087.exe

Loads dropped DLL 64 IoCs

pid	Process
1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
2252	Unicorn-29244.exe
2252	Unicorn-29244.exe
1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
2756	Unicorn-36103.exe
2756	Unicorn-36103.exe
2252	Unicorn-29244.exe
2252	Unicorn-29244.exe
2632	Unicorn-55969.exe
2632	Unicorn-55969.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
1960	WerFault.exe
2676	Unicorn-48439.exe
2740	Unicorn-23188.exe
2756	Unicorn-36103.exe
2676	Unicorn-48439.exe
2756	Unicorn-36103.exe
2740	Unicorn-23188.exe
2516	Unicorn-2767.exe
2516	Unicorn-2767.exe
2632	Unicorn-55969.exe
2632	Unicorn-55969.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1864	WerFault.exe
1992	Unicorn-18118.exe
1992	Unicorn-18118.exe
2516	Unicorn-2767.exe
2516	Unicorn-2767.exe
1564	Unicorn-28978.exe
1896	Unicorn-22202.exe
1564	Unicorn-28978.exe
1896	Unicorn-22202.exe
2740	Unicorn-23188.exe
1804	Unicorn-10504.exe
2740	Unicorn-23188.exe
1804	Unicorn-10504.exe
2220	Unicorn-22202.exe
2676	Unicorn-48439.exe
2220	Unicorn-22202.exe
2676	Unicorn-48439.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
960	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2300	1988	WerFault.exe	27
1960	2252	WerFault.exe	28
1864	2756	WerFault.exe	30
1676	2632	WerFault.exe	29
1528	2740	WerFault.exe	32
2456	2676	WerFault.exe	33
960	2516	WerFault.exe	34
2860	1992	WerFault.exe	39
1644	1896	WerFault.exe	37
2092	1564	WerFault.exe	38
2928	1804	WerFault.exe	40
2068	2220	WerFault.exe	36
2372	2792	WerFault.exe	44
592	1264	WerFault.exe	43
1112	1848	WerFault.exe	45
444	1628	WerFault.exe	46
2836	2344	WerFault.exe	48
336	484	WerFault.exe	49
2804	772	WerFault.exe	50
540	1232	WerFault.exe	47
2932	1752	WerFault.exe	54
2596	2084	WerFault.exe	55
2620	676	WerFault.exe	56
2784	1704	WerFault.exe	57
2552	3052	WerFault.exe	60
2484	1756	WerFault.exe	59
2192	2232	WerFault.exe	62
2900	1800	WerFault.exe	58
2376	2132	WerFault.exe	61
2216	1184	WerFault.exe	64
2460	2944	WerFault.exe	65
1648	1904	WerFault.exe	63
2348	2044	WerFault.exe	139
3320	2388	WerFault.exe	71
3328	2628	WerFault.exe	72
3372	2560	WerFault.exe	77
3396	2080	WerFault.exe	78
3420	2820	WerFault.exe	73
3448	324	WerFault.exe	82
3480	1620	WerFault.exe	85
3528	2136	WerFault.exe	84
3536	2504	WerFault.exe	76
3580	1900	WerFault.exe	79
3668	1696	WerFault.exe	87
3680	2336	WerFault.exe	88
3928	1640	WerFault.exe	81
3972	2508	WerFault.exe	75
4044	2732	WerFault.exe	74
4068	1252	WerFault.exe	86
4092	1920	WerFault.exe	83
3940	2524	WerFault.exe	108
3212	2184	WerFault.exe	106
3208	3044	WerFault.exe	104
3308	3028	WerFault.exe	103
3304	2468	WerFault.exe	92
3108	2904	WerFault.exe	117
3112	2200	WerFault.exe	112
3152	1412	WerFault.exe	122
804	1616	WerFault.exe	111
3496	1668	WerFault.exe	113
3824	2400	WerFault.exe	116
3964	2556	WerFault.exe	120
4052	1372	WerFault.exe	118
4252	1888	WerFault.exe	121

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
2252	Unicorn-29244.exe
2756	Unicorn-36103.exe
2632	Unicorn-55969.exe
2740	Unicorn-23188.exe
2676	Unicorn-48439.exe
2516	Unicorn-2767.exe
1564	Unicorn-28978.exe
1896	Unicorn-22202.exe
1992	Unicorn-18118.exe
2220	Unicorn-22202.exe
1804	Unicorn-10504.exe
1264	Unicorn-4578.exe
2792	Unicorn-46166.exe
1628	Unicorn-35305.exe
1848	Unicorn-35305.exe
1232	Unicorn-58418.exe
2344	Unicorn-12746.exe
772	Unicorn-23607.exe
484	Unicorn-8662.exe
1752	Unicorn-60048.exe
2084	Unicorn-39436.exe
676	Unicorn-20962.exe
1756	Unicorn-62549.exe
1704	Unicorn-47604.exe
1800	Unicorn-62549.exe
3052	Unicorn-7318.exe
2132	Unicorn-57910.exe
1904	Unicorn-4625.exe
1184	Unicorn-11402.exe
2232	Unicorn-50297.exe
2944	Unicorn-31268.exe
2388	Unicorn-26390.exe
2628	Unicorn-49503.exe
2732	Unicorn-28890.exe
2820	Unicorn-48756.exe
2508	Unicorn-24252.exe
2504	Unicorn-12554.exe
2560	Unicorn-19976.exe
2080	Unicorn-10416.exe
1900	Unicorn-56924.exe
804	Unicorn-38450.exe
1640	Unicorn-13753.exe
324	Unicorn-40396.exe
1920	Unicorn-55341.exe
2136	Unicorn-52648.exe
1696	Unicorn-17838.exe
1620	Unicorn-21922.exe
1252	Unicorn-28698.exe
2336	Unicorn-8278.exe
700	Unicorn-28419.exe
2468	Unicorn-43363.exe
1732	Unicorn-63229.exe
1276	Unicorn-42809.exe
916	Unicorn-55061.exe
2856	Unicorn-61838.exe
3028	Unicorn-30365.exe
3044	Unicorn-37141.exe
896	Unicorn-26281.exe
2184	Unicorn-34449.exe
2644	Unicorn-24889.exe
2524	Unicorn-48839.exe
2656	Unicorn-63037.exe
2496	Unicorn-43171.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2252	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	28
PID 1988 wrote to memory of 2252	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	28
PID 1988 wrote to memory of 2252	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	28
PID 1988 wrote to memory of 2252	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	28
PID 2252 wrote to memory of 2632	2252	Unicorn-29244.exe	29
PID 2252 wrote to memory of 2632	2252	Unicorn-29244.exe	29
PID 2252 wrote to memory of 2632	2252	Unicorn-29244.exe	29
PID 2252 wrote to memory of 2632	2252	Unicorn-29244.exe	29
PID 1988 wrote to memory of 2756	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	30
PID 1988 wrote to memory of 2756	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	30
PID 1988 wrote to memory of 2756	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	30
PID 1988 wrote to memory of 2756	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	30
PID 1988 wrote to memory of 2300	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	31
PID 1988 wrote to memory of 2300	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	31
PID 1988 wrote to memory of 2300	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	31
PID 1988 wrote to memory of 2300	1988	41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe	31
PID 2756 wrote to memory of 2740	2756	Unicorn-36103.exe	32
PID 2756 wrote to memory of 2740	2756	Unicorn-36103.exe	32
PID 2756 wrote to memory of 2740	2756	Unicorn-36103.exe	32
PID 2756 wrote to memory of 2740	2756	Unicorn-36103.exe	32
PID 2252 wrote to memory of 2676	2252	Unicorn-29244.exe	33
PID 2252 wrote to memory of 2676	2252	Unicorn-29244.exe	33
PID 2252 wrote to memory of 2676	2252	Unicorn-29244.exe	33
PID 2252 wrote to memory of 2676	2252	Unicorn-29244.exe	33
PID 2632 wrote to memory of 2516	2632	Unicorn-55969.exe	34
PID 2632 wrote to memory of 2516	2632	Unicorn-55969.exe	34
PID 2632 wrote to memory of 2516	2632	Unicorn-55969.exe	34
PID 2632 wrote to memory of 2516	2632	Unicorn-55969.exe	34
PID 2252 wrote to memory of 1960	2252	Unicorn-29244.exe	35
PID 2252 wrote to memory of 1960	2252	Unicorn-29244.exe	35
PID 2252 wrote to memory of 1960	2252	Unicorn-29244.exe	35
PID 2252 wrote to memory of 1960	2252	Unicorn-29244.exe	35
PID 2676 wrote to memory of 2220	2676	Unicorn-48439.exe	36
PID 2676 wrote to memory of 2220	2676	Unicorn-48439.exe	36
PID 2676 wrote to memory of 2220	2676	Unicorn-48439.exe	36
PID 2676 wrote to memory of 2220	2676	Unicorn-48439.exe	36
PID 2756 wrote to memory of 1564	2756	Unicorn-36103.exe	38
PID 2756 wrote to memory of 1564	2756	Unicorn-36103.exe	38
PID 2756 wrote to memory of 1564	2756	Unicorn-36103.exe	38
PID 2756 wrote to memory of 1564	2756	Unicorn-36103.exe	38
PID 2740 wrote to memory of 1896	2740	Unicorn-23188.exe	37
PID 2740 wrote to memory of 1896	2740	Unicorn-23188.exe	37
PID 2740 wrote to memory of 1896	2740	Unicorn-23188.exe	37
PID 2740 wrote to memory of 1896	2740	Unicorn-23188.exe	37
PID 2516 wrote to memory of 1992	2516	Unicorn-2767.exe	39
PID 2516 wrote to memory of 1992	2516	Unicorn-2767.exe	39
PID 2516 wrote to memory of 1992	2516	Unicorn-2767.exe	39
PID 2516 wrote to memory of 1992	2516	Unicorn-2767.exe	39
PID 2632 wrote to memory of 1804	2632	Unicorn-55969.exe	40
PID 2632 wrote to memory of 1804	2632	Unicorn-55969.exe	40
PID 2632 wrote to memory of 1804	2632	Unicorn-55969.exe	40
PID 2632 wrote to memory of 1804	2632	Unicorn-55969.exe	40
PID 2756 wrote to memory of 1864	2756	Unicorn-36103.exe	41
PID 2756 wrote to memory of 1864	2756	Unicorn-36103.exe	41
PID 2756 wrote to memory of 1864	2756	Unicorn-36103.exe	41
PID 2756 wrote to memory of 1864	2756	Unicorn-36103.exe	41
PID 2632 wrote to memory of 1676	2632	Unicorn-55969.exe	42
PID 2632 wrote to memory of 1676	2632	Unicorn-55969.exe	42
PID 2632 wrote to memory of 1676	2632	Unicorn-55969.exe	42
PID 2632 wrote to memory of 1676	2632	Unicorn-55969.exe	42
PID 1992 wrote to memory of 1264	1992	Unicorn-18118.exe	43
PID 1992 wrote to memory of 1264	1992	Unicorn-18118.exe	43
PID 1992 wrote to memory of 1264	1992	Unicorn-18118.exe	43
PID 1992 wrote to memory of 1264	1992	Unicorn-18118.exe	43

C:\Users\Admin\AppData\Local\Temp\41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe
"C:\Users\Admin\AppData\Local\Temp\41545af75b753b001c2f336f8d3df4e4d7347f90298add3b2d01b8abcf3a0802.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34916.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        11⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
        12⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        13⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        14⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        15⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        14⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        13⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        12⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        11⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27236.exe
        11⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
        12⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        13⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        14⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        13⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 220
        10⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        10⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        11⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        12⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        13⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
        13⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        12⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        10⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        9⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4189.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
        11⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        12⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        13⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 204
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36861.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        11⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43225.exe
        12⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 220
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 220
        9⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        8⤵
        Program crash
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42809.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58865.exe
        10⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35762.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        12⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2493.exe
        13⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
        13⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        12⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        11⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        11⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50215.exe
        12⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35065.exe
        13⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6203.exe
        11⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        12⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        11⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        8⤵
        Program crash
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        7⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43171.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38393.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21772.exe
        11⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        12⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25664.exe
        10⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
        11⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 204
        11⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
        7⤵
        Program crash
        
        PID:2900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28419.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        9⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 200
        10⤵
        Program crash
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65040.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18596.exe
        11⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        12⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33604.exe
        13⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
        13⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        11⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11065.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        11⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57672.exe
        12⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        11⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        8⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3717.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        11⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22898.exe
        12⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
        13⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
        13⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        11⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        11⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        10⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        11⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 236
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        11⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        8⤵
        Program crash
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        7⤵
        Program crash
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        11⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28944.exe
        12⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 220
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        10⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
        11⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
        12⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        8⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        6⤵
        Program crash
        
        PID:2372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14604.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        9⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        11⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        12⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2576.exe
        13⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        13⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        12⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        11⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        9⤵
        Program crash
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        11⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58938.exe
        12⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        12⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        11⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        11⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        11⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        8⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        7⤵
        Program crash
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64080.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        10⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        11⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
        12⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        11⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 216
        8⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        9⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25062.exe
        10⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22613.exe
        11⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        12⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 220
        11⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        10⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        9⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 216
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        6⤵
        Program crash
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        8⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        9⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 224
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 236
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
        9⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 224
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 220
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10427.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
        10⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        11⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        10⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        7⤵
        Program crash
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        7⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63141.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        10⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        11⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        7⤵
        Program crash
        
        PID:3824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        5⤵
        Program crash
        
        PID:2928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40967.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
        11⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        12⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 240
        13⤵
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        12⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57490.exe
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
        11⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
        12⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12122.exe
        13⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        12⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        11⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13748.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26032.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14937.exe
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        12⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
        9⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        8⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54008.exe
        11⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
        12⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
        12⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        10⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        9⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        8⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        7⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10795.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
        12⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
        13⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        12⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54444.exe
        10⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        11⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
        11⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        10⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        8⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8242.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
        10⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        11⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        12⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        11⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        10⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 216
        9⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        8⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        7⤵
        Program crash
        
        PID:3680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        6⤵
        Program crash
        
        PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49415.exe
        7⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        8⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3826.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        10⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29613.exe
        11⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
        12⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 236
        12⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
        11⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 216
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10853.exe
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        11⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        10⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        9⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        8⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        7⤵
        Program crash
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19395.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 220
        11⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3613.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47931.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
        9⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        10⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        10⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
        9⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        8⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        7⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
        6⤵
        Program crash
        
        PID:2216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23607.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        5⤵
        Program crash
        
        PID:2804
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        12⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        13⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 240
        13⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        12⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        10⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        9⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 220
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        8⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37141.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        8⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7526.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        11⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 236
        12⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        11⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
        9⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        8⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        7⤵
        Program crash
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        13⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        12⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        11⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        10⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        11⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8658.exe
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
        12⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        9⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 220
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        9⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 220
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 216
        8⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        7⤵
        Program crash
        
        PID:3536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        6⤵
        Program crash
        
        PID:444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55912.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12025.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16126.exe
        11⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 220
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        11⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
        10⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50490.exe
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        10⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        9⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
        7⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38668.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        10⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16692.exe
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 204
        11⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
        10⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        7⤵
        Program crash
        
        PID:3496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
        5⤵
        Program crash
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10520.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        12⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        11⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        8⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44215.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4568.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        10⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
        11⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54854.exe
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        8⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15445.exe
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
        10⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        11⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 236
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        10⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        9⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        8⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 220
        7⤵
        Program crash
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        6⤵
        Program crash
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23671.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47646.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65160.exe
        11⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        10⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29073.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4667.exe
        9⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        10⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        10⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        9⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        8⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60551.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
        9⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        10⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 220
        10⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        9⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 220
        8⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        7⤵
        
        PID:5792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
        6⤵
        Program crash
        
        PID:4068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        5⤵
        Program crash
        
        PID:540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34449.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        10⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        11⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 236
        12⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        11⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        Program crash
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        7⤵
        Program crash
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45409.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24128.exe
        11⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62283.exe
        12⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        7⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3390.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45088.exe
        10⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        10⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
        9⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 216
        8⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        6⤵
        Program crash
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20163.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40246.exe
        11⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        12⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        12⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        9⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        10⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        11⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        10⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        9⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        8⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        10⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        11⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 236
        11⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        10⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        8⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27900.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
        8⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        9⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50308.exe
        10⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        11⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
        11⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        10⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        9⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        7⤵
        
        PID:4744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:3396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        5⤵
        Program crash
        
        PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20526.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18959.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        10⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        11⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        11⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        10⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59036.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        9⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        10⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        10⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        9⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        8⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        7⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6882.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        9⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
        10⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        10⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        9⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        8⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        7⤵
        
        PID:5668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        6⤵
        Program crash
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        5⤵
        Executes dropped EXE
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        8⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        9⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        10⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 204
        10⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 220
        9⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        8⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        7⤵
        
        PID:5764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        6⤵
        Program crash
        
        PID:804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        5⤵
        Program crash
        
        PID:2552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
      4⤵
      Program crash
      PID:2092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
  2⤵
  - Program crash
  PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10504.exe

Filesize
184KB

MD5
c9df73c62e7a01072f93b392cf1a0559

SHA1
b76424d7cf365b774f6cf78f26783ee558a9f28e

SHA256
d5f44d0763737236f9103053817b33c797cf78d7d597c56aaa08b43cac22cec5

SHA512
1ac1f20454ad4f0c729270a08c3b5a869e76a2cd12bd94c11da7ce922bb6974eec4927856219ca8d92484579a9daa243ab7b511785e6482b41702ae02968f5bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe

Filesize
184KB

MD5
7a7e961768e1e07deea07e85155326b5

SHA1
e302978aa6bc995bd0e182b5d4ce2f89419f07e4

SHA256
306ac9e44a4c7e19a90a32f6ca72d7681082ad8461be5a9668cc0f9fc7d45b86

SHA512
0aff6e7cc1a4f48efbbf64db25c04db695817623ca00fa7924267b904bcf36addb25342982f1a3cb06b8312dd921360a53f18bb8016c18a3048e34a10d0c5e8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe

Filesize
184KB

MD5
fcca957dd6a24aaedae0daac6e2b8b4d

SHA1
1ff2b663cecf9b2cb4eb5a495b774434fa9d02b6

SHA256
84456901f5a1daeedf4865b4df6a62437adedc788c4b7578a17e98cdff31fc5e

SHA512
ac1f17d2aff07b2da8626a2406f10e564a9a82e530ff739208477bad04e5b620159bbd0ec952cbc428aa5f866e6f45385947ffcc1673a8dbf42850010f419520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe

Filesize
184KB

MD5
94a4852a6096e5276fd07a00b5436765

SHA1
359d37dcb05f22927b253d36b28ca0f673496d0d

SHA256
d9b6ff4f3eeb27a3c33291772a6d6b6a3c3d9b548417fc1e66269dbc1b5c6efb

SHA512
ee98f5bd6e0375671a4ed59bd30b45b0a3c3170ce20b2ff2a5f2a54c9dbd613f7b1da8897fc3cf201c24ec0685f44aa6ff6638c2330a49d09a7739ad776c8e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe

Filesize
184KB

MD5
a4b6a3eb57ee3117ed901a187aca1d06

SHA1
4e87bc0f634df17aa3095602d5237e4b62e05190

SHA256
c94eeb2bf5aaed31ed0e9cd7ac9ea5feb02df688e2d742924e97036b533b5875

SHA512
2cbe4a28f5b4f4da64393e2cba0d6d47202cd29678c561700b88d0f337ba5fba148f391f923458bc33cd88da7977377f8a815dc9d957507baaed796c0be823d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe

Filesize
184KB

MD5
8ca89c70ea6e2bf969d9a22826195643

SHA1
b46e3193f53bb2ec8aedba9427a06af55fc6e888

SHA256
7bef0879a1e0dda2c2548fba7c8e5c4b1c5acad95ed831cd0e9d33925f6566a0

SHA512
9badbe6060697c75de0329bb65cac0e3166df88a104e790e798ff9c9ac8ba1a1eacb5c6f8c91926eee618172e22970959e94a893b85b852337ceecc93c6fd195

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe

Filesize
184KB

MD5
e84fe92422d5896992bafbe4a1a8606e

SHA1
19a0c048711d353a58f2c4fd6cbc7272995f79ef

SHA256
3ab4055a6c20dc819ec3dd55015caf0d47766378663cb64c7c289d945653c95b

SHA512
837ba12e1ea743b2fd127506fbd4940002f80ed1877d37fd5e9c3826656a93ff8d2b798cb57bf5b0cfb0bb71dd2d8d452d85825950039a88e37e0a4d2bba58d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe

Filesize
184KB

MD5
eda52639b8087f7154d1b72fd36928ea

SHA1
58ae9d11e1d117f77fadee323c97a0ba06491255

SHA256
540a865437e291e6816ec89493302e75481163c4e531dd2f4170794d80a8a721

SHA512
87c628a3a63fb0c239b38aa749ff0cd6be97705ce88dab4a9dd5d44deaf731d16f0c3a4588d894768eb4fa196633c7b55f9f7c35c0544e706a6dd0292cf042ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe

Filesize
184KB

MD5
5b06b0bcd98acbd9e885707788daa6de

SHA1
25ffbfaf0177997ee9b1bfb6ff25ad8d1014e079

SHA256
96be1c6c6f8530a5a9c87366b037f2c78739d9095a21ba1eb221a0f075ae06f3

SHA512
68fed67c17b4d879d626445ffcbac4a466c71e4f968eb5ee0870544cc4eeac997d3ac9078d7424ecdf6a9784be00bd6016aedaa5ecf7081acae02f666b918813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe

Filesize
184KB

MD5
b03b90e53c9c6263ddc1b4a5ea4ad16d

SHA1
23610254b255a6f280723409436144c754963006

SHA256
e8e623c89a582cc0de2439aa6d581daf7a478507a6b1a0b002925db8b497528b

SHA512
7dfcd6ce84c76d2626fac4e87bd069850bb94e31bb8fd4671510bd6a46bbd05aa624e0f6555b2c66f9b232346f6d961c461046dbc83ae9b04ece33eb04a1cf02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe

Filesize
184KB

MD5
7f9e70d11d70db037e67aced5c289286

SHA1
c3bf3f04ca3ba3e4c0c357ce288319ddf93c1f21

SHA256
4a0c9a71d5bee629aa47a635d11d22e539eaec0ce735aa6a4752e202d54c2d94

SHA512
f091d89a4e01f3ee230ed44905378ddbddac21b517539698308ed626234341d9c7411cb6510d7074c8d8a6fec67c47bea38e8734fc41e58668caf7ae905ad977

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe

Filesize
184KB

MD5
d0f6a5276c57583c91735b81e50cdf12

SHA1
a156411cafd57a6fa7b4a6dfbfb2ab437506b64e

SHA256
82327f34ab8c3e540414d62da8aad2d4d8c22e4a06e45b19d3cfded726e190ec

SHA512
66c403899e8300f9a87da0d29010f3c749fc505e54d4e6899076a4c94c5fe42d36e863356d92f3492fa830c20f1019cca58ff65aa638ddb40d2770ef558c51a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe

Filesize
184KB

MD5
775bd2192dfc744426b385d2a0b0beb0

SHA1
fc982445adb1340dd012d93c7e161ae257f46c7d

SHA256
40e62fd581cd57fd482fbc278a2e22d022c276d47c28dc49f9febb8008c2e120

SHA512
0aee02a5c7a646953194b40c3250e742fbd97ab5ec46790dee585907f2b0a7dde056da394197e25911f24e424faa19858deb783d40c5f08b4f744220475ead17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe

Filesize
184KB

MD5
3e9d1daf5f5175c771e3db12c699e05e

SHA1
02ee688c485a278f7a2edafb774253e656c4d4d3

SHA256
fbaf226549ca443d258808b23d59f6dd0e43385f1a5d40588f023dfd377074a7

SHA512
33dfbadc7663abd40938128a4fcffa2e87e22e91235fee6c951ac862aa266b68e4bdfedf060df31ef197c2af6c05e7cf59e1725dcb1a6cc6859745cee135e600

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2767.exe

Filesize
184KB

MD5
13cf640da0107c060404beaab2510f23

SHA1
5a53dd3d9dd03de88b55a058944623f13d5e6b30

SHA256
848a20bdae2ae3178aa4086d71204dce535330ec8eef43fa8c149b2a1bc8f747

SHA512
ba421b0b7365df330d0f7b7dc76dc5be82eaafd604240a327ca4420f03a8c36ba42ed2341e29e0d67bd14bab96e8ffe7c58d65c474376e50266117f47ad333df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe

Filesize
184KB

MD5
462f5eb4b53d16953c834073333b4d20

SHA1
0820fad5890e411387152921ac133a4cef5c51ca

SHA256
318c5fa7f2972a2c74630141a4abe9276dde822eeade345e8812c18d8cabc514

SHA512
6f3e07b87a3c61bf9294cce3db5eb10b69b4ad22bd40049f4662cfe3133a617899b3eea395b3e7f5abf29eac3a8cfacedf6de34f7e10e6a46c3923cfe4898c2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe

Filesize
184KB

MD5
120cf250ed66ede2a19fa6ff78fb9bab

SHA1
d9f1ce58c822a0821910cbdb2556b3a41a02ddcb

SHA256
cf53a883ce72d2bffc66a62630142bf8980c594556d10f6f005cf437cb07cbd4

SHA512
2f73c5d04597bd7b261949546fb3dc2cf2a27f1f89c1cc7d13be2aed89d387df591f6e491a67595b036a5642a3e89e981aa5675784d5f9ce631e7d32814d8823

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe

Filesize
184KB

MD5
04bf25019cc62b56c91e782352c7a454

SHA1
9f70621da55502b3f72d36f36c982f8a90f8bc7b

SHA256
9eadefa97aa1450cfdff3625bc98e93daca20a6f4f044df2daf291f62ec5b220

SHA512
04d7b23c1e2727a459f3691aad82d38876510e859116dc9e9a94b788f754199c14fad3b6e470bff792c6e7f3e93c534e723a6e1e94f7e72691ac09758c8b7942

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe

Filesize
184KB

MD5
05310656e2ded281fddb8fb45b81c941

SHA1
28a9cef0ff75a532e4d7ecdd6951afe762f32d2f

SHA256
2193cc432a35f7ede916dfa800f9e073935a30c2370655373a868eecf025697b

SHA512
13aedd6f1986795cd3e98b1f13fef1a529d5b5ccd8553a7d96959950217da113af1993701929685f3dd019012282696bab7c34fd27afe3539b926b28aa672259

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe

Filesize
184KB

MD5
05ffea514c9022b73531195b1944ca25

SHA1
385d9c4fdef61db53e1817c1dabbd24d2ffb7eb8

SHA256
2c20352ef4b1ae2eec0ace680d35b02e4bd21f952783561bf5bd7a99bede7d04

SHA512
75f1a8639836e2e3d2b48a3b5d9ffda2c20c998e3c4ca275413273faa3b282b07339ebeca573f763b0ef4131bb58660bf20410c20f2c3d087ba088256ca42539

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe

Filesize
184KB

MD5
fc7c760fb3b52cc4cea5572353280077

SHA1
057c46a6dd55f94f06e51509df31fd50b20d014a

SHA256
2c55eb357421e837e70fed56e9ba592cf8f9c1c220200175dbca67fea485a638

SHA512
58a0142d2ee3792e6d00f21a9d0bab5c5b72aee438cd4e3c563ace83e00a4ad3d895eaa7c35be58746fecce943acacbd7ee0b2ca62b5ef1f76c6bc016e213ecb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads