6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10-06-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
Size

184KB
MD5

a948004a4147c11f55e322db8d7ad358
SHA1

69c7e466aaf506d5d576b5dfcef5b1e966fafca0
SHA256

6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe
SHA512

0937f9b149026359a2cf0e01d5a48b4b7c5e104b65a0deed3ed8aa32f4bc175e4c164e2787408e6bcbe197b4ea4ad8d870ac567fd296edce7d710fb96c78580e
SSDEEP

1536:RBSb6jZUYJpxo0x1wHRAlawyGt98v/c8TcddjvL+2VJBtxdl5hj5nizpvL:zFnJpxos+HRTnGnAEvvL+IHxdlnViFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2016	Unicorn-7897.exe
2136	Unicorn-10673.exe
2372	Unicorn-30539.exe
2836	Unicorn-17109.exe
2920	Unicorn-14648.exe
2580	Unicorn-3787.exe
1524	Unicorn-47918.exe
2928	Unicorn-62863.exe
1044	Unicorn-21468.exe
1032	Unicorn-60362.exe
1852	Unicorn-5686.exe
860	Unicorn-44073.exe
1284	Unicorn-59018.exe
1844	Unicorn-65069.exe
2228	Unicorn-10393.exe
2488	Unicorn-3616.exe
776	Unicorn-14477.exe
752	Unicorn-34343.exe
2012	Unicorn-27327.exe
1216	Unicorn-7461.exe
1352	Unicorn-684.exe
948	Unicorn-11545.exe
344	Unicorn-38510.exe
1324	Unicorn-25189.exe
2400	Unicorn-53455.exe
1708	Unicorn-12059.exe
2964	Unicorn-64275.exe
2140	Unicorn-17767.exe
884	Unicorn-37633.exe
2996	Unicorn-35172.exe
2744	Unicorn-62220.exe
2560	Unicorn-39662.exe
2680	Unicorn-23880.exe
2692	Unicorn-43746.exe
2748	Unicorn-21380.exe
1584	Unicorn-44493.exe
2884	Unicorn-6989.exe
2892	Unicorn-56745.exe
2800	Unicorn-45692.exe
2792	Unicorn-23134.exe
2584	Unicorn-7352.exe
1548	Unicorn-57944.exe
2420	Unicorn-11436.exe
1856	Unicorn-31302.exe
1272	Unicorn-62028.exe
1760	Unicorn-15520.exe
988	Unicorn-34269.exe
1492	Unicorn-54135.exe
448	Unicorn-7627.exe
2224	Unicorn-5126.exe
908	Unicorn-44021.exe
1756	Unicorn-54882.exe
2304	Unicorn-28239.exe
812	Unicorn-56273.exe
1504	Unicorn-21463.exe
1968	Unicorn-5681.exe
2960	Unicorn-33523.exe
2896	Unicorn-17741.exe
2524	Unicorn-15048.exe
2556	Unicorn-38161.exe
396	Unicorn-43829.exe
2932	Unicorn-47913.exe
544	Unicorn-51997.exe
848	Unicorn-62858.exe

Loads dropped DLL 64 IoCs

pid	Process
3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
2016	Unicorn-7897.exe
3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
2016	Unicorn-7897.exe
2372	Unicorn-30539.exe
2372	Unicorn-30539.exe
2016	Unicorn-7897.exe
2016	Unicorn-7897.exe
2136	Unicorn-10673.exe
2136	Unicorn-10673.exe
1728	WerFault.exe
1728	WerFault.exe
1728	WerFault.exe
1728	WerFault.exe
1728	WerFault.exe
2836	Unicorn-17109.exe
2836	Unicorn-17109.exe
2372	Unicorn-30539.exe
2372	Unicorn-30539.exe
2920	Unicorn-14648.exe
2920	Unicorn-14648.exe
2580	Unicorn-3787.exe
2580	Unicorn-3787.exe
2136	Unicorn-10673.exe
2136	Unicorn-10673.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2808	WerFault.exe
2788	WerFault.exe
1524	Unicorn-47918.exe
1524	Unicorn-47918.exe
2836	Unicorn-17109.exe
2836	Unicorn-17109.exe
1032	Unicorn-60362.exe
1032	Unicorn-60362.exe
2580	Unicorn-3787.exe
2580	Unicorn-3787.exe
1044	Unicorn-21468.exe
1044	Unicorn-21468.exe
2920	Unicorn-14648.exe
2920	Unicorn-14648.exe
2928	Unicorn-62863.exe
2928	Unicorn-62863.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2684	3000	WerFault.exe	27
1728	2016	WerFault.exe	28
2808	2372	WerFault.exe	29
2788	2136	WerFault.exe	30
2024	2836	WerFault.exe	32
1888	2920	WerFault.exe	33
604	2580	WerFault.exe	34
800	1524	WerFault.exe	36
1184	1032	WerFault.exe	39
2144	1852	WerFault.exe	40
2288	1044	WerFault.exe	38
2716	2928	WerFault.exe	37
1988	860	WerFault.exe	43
2988	1284	WerFault.exe	44
2984	2228	WerFault.exe	46
668	1844	WerFault.exe	45
1960	2488	WerFault.exe	47
2392	776	WerFault.exe	48
784	752	WerFault.exe	49
2368	1216	WerFault.exe	53
2944	2012	WerFault.exe	54
2160	948	WerFault.exe	56
1740	1352	WerFault.exe	55
2460	1324	WerFault.exe	58
1576	344	WerFault.exe	57
1892	2400	WerFault.exe	59
3044	1708	WerFault.exe	60
2668	2996	WerFault.exe	64
2752	884	WerFault.exe	63
2536	2140	WerFault.exe	62
2700	2964	WerFault.exe	61
1532	988	WerFault.exe	90
2208	2744	WerFault.exe	70
2116	2692	WerFault.exe	73
2652	2884	WerFault.exe	76
2124	2584	WerFault.exe	80
3092	1548	WerFault.exe	81
3084	1760	WerFault.exe	85
3100	2792	WerFault.exe	79
3124	1856	WerFault.exe	83
3148	2420	WerFault.exe	82
3156	1272	WerFault.exe	84
3236	1584	WerFault.exe	75
3476	2680	WerFault.exe	72
3496	2748	WerFault.exe	74
3600	2800	WerFault.exe	78
3648	2560	WerFault.exe	71
3668	2892	WerFault.exe	77
3872	768	WerFault.exe	158
3684	1492	WerFault.exe	91
3968	908	WerFault.exe	97
4028	2556	WerFault.exe	106
3348	2224	WerFault.exe	96
3708	2932	WerFault.exe	108
3740	1308	WerFault.exe	115
3840	2896	WerFault.exe	104
3336	2120	WerFault.exe	116
3464	3444	WerFault.exe	188
4068	648	WerFault.exe	119
4104	544	WerFault.exe	109
4156	1428	WerFault.exe	112
4172	2280	WerFault.exe	114
4200	848	WerFault.exe	110
4232	1968	WerFault.exe	102

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
2016	Unicorn-7897.exe
2136	Unicorn-10673.exe
2372	Unicorn-30539.exe
2836	Unicorn-17109.exe
2920	Unicorn-14648.exe
2580	Unicorn-3787.exe
1524	Unicorn-47918.exe
2928	Unicorn-62863.exe
1852	Unicorn-5686.exe
1032	Unicorn-60362.exe
1044	Unicorn-21468.exe
860	Unicorn-44073.exe
1284	Unicorn-59018.exe
1844	Unicorn-65069.exe
2228	Unicorn-10393.exe
2488	Unicorn-3616.exe
776	Unicorn-14477.exe
752	Unicorn-34343.exe
2012	Unicorn-27327.exe
1216	Unicorn-7461.exe
948	Unicorn-11545.exe
1352	Unicorn-684.exe
344	Unicorn-38510.exe
1324	Unicorn-25189.exe
2400	Unicorn-53455.exe
1708	Unicorn-12059.exe
2140	Unicorn-17767.exe
2996	Unicorn-35172.exe
884	Unicorn-37633.exe
2964	Unicorn-64275.exe
2744	Unicorn-62220.exe
2560	Unicorn-39662.exe
2692	Unicorn-43746.exe
2680	Unicorn-23880.exe
2748	Unicorn-21380.exe
1584	Unicorn-44493.exe
2884	Unicorn-6989.exe
2892	Unicorn-56745.exe
2800	Unicorn-45692.exe
2792	Unicorn-23134.exe
2584	Unicorn-7352.exe
1548	Unicorn-57944.exe
2420	Unicorn-11436.exe
1272	Unicorn-62028.exe
1856	Unicorn-31302.exe
1760	Unicorn-15520.exe
988	Unicorn-34269.exe
1492	Unicorn-54135.exe
448	Unicorn-7627.exe
2224	Unicorn-5126.exe
1756	Unicorn-54882.exe
908	Unicorn-44021.exe
2304	Unicorn-28239.exe
812	Unicorn-56273.exe
1504	Unicorn-21463.exe
1968	Unicorn-5681.exe
2960	Unicorn-33523.exe
2896	Unicorn-17741.exe
2524	Unicorn-15048.exe
2556	Unicorn-38161.exe
396	Unicorn-43829.exe
2932	Unicorn-47913.exe
848	Unicorn-62858.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2016	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	28
PID 3000 wrote to memory of 2016	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	28
PID 3000 wrote to memory of 2016	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	28
PID 3000 wrote to memory of 2016	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	28
PID 3000 wrote to memory of 2136	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	30
PID 3000 wrote to memory of 2136	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	30
PID 3000 wrote to memory of 2136	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	30
PID 3000 wrote to memory of 2136	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	30
PID 2016 wrote to memory of 2372	2016	Unicorn-7897.exe	29
PID 2016 wrote to memory of 2372	2016	Unicorn-7897.exe	29
PID 2016 wrote to memory of 2372	2016	Unicorn-7897.exe	29
PID 2016 wrote to memory of 2372	2016	Unicorn-7897.exe	29
PID 3000 wrote to memory of 2684	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	31
PID 3000 wrote to memory of 2684	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	31
PID 3000 wrote to memory of 2684	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	31
PID 3000 wrote to memory of 2684	3000	6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe	31
PID 2372 wrote to memory of 2836	2372	Unicorn-30539.exe	32
PID 2372 wrote to memory of 2836	2372	Unicorn-30539.exe	32
PID 2372 wrote to memory of 2836	2372	Unicorn-30539.exe	32
PID 2372 wrote to memory of 2836	2372	Unicorn-30539.exe	32
PID 2016 wrote to memory of 2920	2016	Unicorn-7897.exe	33
PID 2016 wrote to memory of 2920	2016	Unicorn-7897.exe	33
PID 2016 wrote to memory of 2920	2016	Unicorn-7897.exe	33
PID 2016 wrote to memory of 2920	2016	Unicorn-7897.exe	33
PID 2136 wrote to memory of 2580	2136	Unicorn-10673.exe	34
PID 2136 wrote to memory of 2580	2136	Unicorn-10673.exe	34
PID 2136 wrote to memory of 2580	2136	Unicorn-10673.exe	34
PID 2136 wrote to memory of 2580	2136	Unicorn-10673.exe	34
PID 2016 wrote to memory of 1728	2016	Unicorn-7897.exe	35
PID 2016 wrote to memory of 1728	2016	Unicorn-7897.exe	35
PID 2016 wrote to memory of 1728	2016	Unicorn-7897.exe	35
PID 2016 wrote to memory of 1728	2016	Unicorn-7897.exe	35
PID 2836 wrote to memory of 1524	2836	Unicorn-17109.exe	36
PID 2836 wrote to memory of 1524	2836	Unicorn-17109.exe	36
PID 2836 wrote to memory of 1524	2836	Unicorn-17109.exe	36
PID 2836 wrote to memory of 1524	2836	Unicorn-17109.exe	36
PID 2372 wrote to memory of 2928	2372	Unicorn-30539.exe	37
PID 2372 wrote to memory of 2928	2372	Unicorn-30539.exe	37
PID 2372 wrote to memory of 2928	2372	Unicorn-30539.exe	37
PID 2372 wrote to memory of 2928	2372	Unicorn-30539.exe	37
PID 2920 wrote to memory of 1044	2920	Unicorn-14648.exe	38
PID 2920 wrote to memory of 1044	2920	Unicorn-14648.exe	38
PID 2920 wrote to memory of 1044	2920	Unicorn-14648.exe	38
PID 2920 wrote to memory of 1044	2920	Unicorn-14648.exe	38
PID 2580 wrote to memory of 1032	2580	Unicorn-3787.exe	39
PID 2580 wrote to memory of 1032	2580	Unicorn-3787.exe	39
PID 2580 wrote to memory of 1032	2580	Unicorn-3787.exe	39
PID 2580 wrote to memory of 1032	2580	Unicorn-3787.exe	39
PID 2136 wrote to memory of 1852	2136	Unicorn-10673.exe	40
PID 2136 wrote to memory of 1852	2136	Unicorn-10673.exe	40
PID 2136 wrote to memory of 1852	2136	Unicorn-10673.exe	40
PID 2136 wrote to memory of 1852	2136	Unicorn-10673.exe	40
PID 2372 wrote to memory of 2808	2372	Unicorn-30539.exe	41
PID 2372 wrote to memory of 2808	2372	Unicorn-30539.exe	41
PID 2372 wrote to memory of 2808	2372	Unicorn-30539.exe	41
PID 2372 wrote to memory of 2808	2372	Unicorn-30539.exe	41
PID 2136 wrote to memory of 2788	2136	Unicorn-10673.exe	42
PID 2136 wrote to memory of 2788	2136	Unicorn-10673.exe	42
PID 2136 wrote to memory of 2788	2136	Unicorn-10673.exe	42
PID 2136 wrote to memory of 2788	2136	Unicorn-10673.exe	42
PID 1524 wrote to memory of 860	1524	Unicorn-47918.exe	43
PID 1524 wrote to memory of 860	1524	Unicorn-47918.exe	43
PID 1524 wrote to memory of 860	1524	Unicorn-47918.exe	43
PID 1524 wrote to memory of 860	1524	Unicorn-47918.exe	43

C:\Users\Admin\AppData\Local\Temp\6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe
"C:\Users\Admin\AppData\Local\Temp\6bb32bf11d930b8500326e1471f5420537d21764b063a8a9811030a0afac04fe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34269.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        9⤵
        Program crash
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        10⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        11⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        13⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        11⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 216
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43492.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
        12⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        11⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        11⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        12⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        13⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        12⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        7⤵
        Program crash
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        11⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        12⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15719.exe
        13⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        14⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        14⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        13⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        12⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24067.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        12⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
        13⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        13⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        12⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        11⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        10⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9402.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        10⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57742.exe
        11⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36715.exe
        12⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        13⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47232.exe
        14⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        12⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        11⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        9⤵
        Program crash
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2625.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        11⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        12⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
        13⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35748.exe
        14⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 216
        13⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        11⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29230.exe
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
        12⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
        11⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        9⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        8⤵
        Program crash
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7627.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        12⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 220
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        11⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        10⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        7⤵
        Program crash
        
        PID:2368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        6⤵
        Program crash
        
        PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18770.exe
        10⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
        11⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        12⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
        13⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        14⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        15⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 236
        14⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        13⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        12⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45064.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        12⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
        13⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        13⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        12⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        10⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52096.exe
        11⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18625.exe
        12⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        13⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
        13⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        12⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        9⤵
        Program crash
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28514.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-295.exe
        9⤵
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 240
        10⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        10⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        12⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        11⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        8⤵
        Program crash
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58686.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60077.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        12⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        10⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        11⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 220
        8⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        7⤵
        Program crash
        
        PID:1740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        6⤵
        Program crash
        
        PID:2988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60165.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        10⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
        11⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        12⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
        13⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        14⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
        13⤵
        
        PID:1356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        12⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        11⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        10⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        11⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        12⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        13⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 220
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        9⤵
        Program crash
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61955.exe
        8⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        12⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26272.exe
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        12⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        11⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
        10⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        11⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
        11⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 220
        8⤵
        Program crash
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        Program crash
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30482.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35573.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53798.exe
        11⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        12⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        12⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 220
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
        11⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        11⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        10⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 220
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        11⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        12⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        11⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        10⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        8⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
        6⤵
        Program crash
        
        PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59501.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38754.exe
        10⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        13⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 220
        12⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47804.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        11⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49022.exe
        12⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        11⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16139.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
        10⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        11⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        11⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        8⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49044.exe
        6⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50819.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        9⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        10⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24326.exe
        11⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        10⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        9⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        7⤵
        Program crash
        
        PID:3336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 220
        6⤵
        Program crash
        
        PID:2668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        5⤵
        Program crash
        
        PID:2716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34099.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        9⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        12⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        13⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 236
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        12⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 216
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        12⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        8⤵
        
        PID:768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 220
        9⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 220
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        8⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        12⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        13⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        12⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        10⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 216
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        9⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        11⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        12⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
        8⤵
        Program crash
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        7⤵
        Program crash
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61208.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37846.exe
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 244
        12⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        11⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53912.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
        10⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47540.exe
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        11⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18784.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        11⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        12⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 220
        11⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 220
        7⤵
        Program crash
        
        PID:3084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        6⤵
        Program crash
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        7⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11255.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        12⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 236
        13⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        10⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        9⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 216
        8⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14700.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        11⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        9⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        8⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        7⤵
        Program crash
        
        PID:3124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        6⤵
        Program crash
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        5⤵
        Program crash
        
        PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29735.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37483.exe
        10⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        11⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
        11⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        8⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        7⤵
        Program crash
        
        PID:3840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        6⤵
        Program crash
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        6⤵
        Executes dropped EXE
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2817.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18142.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
        11⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        12⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        10⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22422.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        8⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        10⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        11⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 220
        10⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        9⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        8⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
        7⤵
        Program crash
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35312.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        10⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        11⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        10⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        8⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        7⤵
        
        PID:4408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        6⤵
        Program crash
        
        PID:2124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        5⤵
        Program crash
        
        PID:2392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        10⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        11⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        12⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50965.exe
        13⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        14⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        13⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        12⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        11⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        12⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        13⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 236
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        10⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
        9⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        8⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26589.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5033.exe
        10⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        11⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        12⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        13⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42838.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9164.exe
        11⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        12⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 220
        11⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        8⤵
        Program crash
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        7⤵
        Program crash
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        11⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 220
        12⤵
        
        PID:10812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        10⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        9⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        10⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27120.exe
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 220
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2765.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        10⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        11⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        11⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        10⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        8⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        6⤵
        Program crash
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        11⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        12⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        12⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        8⤵
        Program crash
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41987.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        10⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        11⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33034.exe
        12⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 220
        11⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        10⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        9⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        Program crash
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55417.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        11⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        9⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
        10⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        11⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        10⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        9⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        8⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
        7⤵
        Program crash
        
        PID:4200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        6⤵
        Program crash
        
        PID:1892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
        5⤵
        Program crash
        
        PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12879.exe
        10⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        11⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        12⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        11⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29905.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        9⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        11⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 220
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        11⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59676.exe
        12⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        8⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        7⤵
        Program crash
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        10⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        10⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        7⤵
        Program crash
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        6⤵
        Program crash
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45687.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11623.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        9⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        10⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        10⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 220
        9⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
        7⤵
        
        PID:5088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38007.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        9⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        10⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        11⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        10⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        9⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        8⤵
        
        PID:6904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        6⤵
        Program crash
        
        PID:3668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        5⤵
        Program crash
        
        PID:2984
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5126.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60461.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        9⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        10⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        11⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 220
        11⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        10⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
        8⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        7⤵
        Program crash
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        6⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50155.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56481.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        9⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
        10⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46692.exe
        11⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        10⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        9⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        8⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
        7⤵
        
        PID:5928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
        6⤵
        Program crash
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        6⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19045.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
        8⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        9⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47732.exe
        10⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        10⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 220
        9⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        8⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        7⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        6⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
        7⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        8⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        9⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        10⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        9⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
        8⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        7⤵
        
        PID:5500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
        6⤵
        
        PID:4288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        5⤵
        Program crash
        
        PID:2160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
      4⤵
      Program crash
      PID:2144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2376.exe

Filesize
184KB

MD5
e7adedd7865eab5e4600b54ddb0b4b94

SHA1
0339541e7e0a86df364231bcb83a237ebb007fe9

SHA256
473856ee0609e6b3cfa463834ec6133d6027518dc03a23d0f4c498fc9227c261

SHA512
333eef8a8555d0c7e979fa1302399e87e7984f58ba32912297ff00be8d510dfcb0a62e3e89f0f1f5a72304736864d2971188695003e3d056762562096df52774

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe

Filesize
184KB

MD5
651b316639b2ac0a049c502c47d0cb74

SHA1
191b17a6a1c19d140391dde745f8d08b92aa75df

SHA256
6f06ffe466b9fb0ae3ea0bd925d5c9f80b37f1bdc5b45e1a257a54a3b8e89a5c

SHA512
d390485c34adb66b8879b3c5e3970ad0ee1fce100dabac4d23ef8eb0142571e32df84902d8654afc76c9e9b89010041ae8b2343572f079a8ba29c40139935689

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe

Filesize
184KB

MD5
5c50d52727cdcc798913a63cb9600f9d

SHA1
ca155d184346c7561182c58f8f4fb6a636396382

SHA256
8a5dc1c6f1e556c2649f1f88c271bd02ae4605348c7b84971a408884f97070cb

SHA512
d3903093bed9e8407038e17e0a1dffa9d5444e474ca1f0a3955631b6e2a75a1dfe90095591f9baabd2127c4db85b7e2e8f40963ea6056a909e5ac8dd0f2e081a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe

Filesize
184KB

MD5
dfdd5090520bbf1d6c6a5e8e6965eba3

SHA1
15ccf6bd5697c0e48520082cd273c48739dfc0d4

SHA256
dc7b9447b4eb61b303a7d42c989d16653cf675122e90090d4fb9e9ca596605a0

SHA512
04193d0a611d620720eac45c7043d00c39c0f82a56f205026a1f3a4aa55f3deeed8ae6e0569e69ef4b679759c1c867020fed36559dccf3a5e1fadca4b4c62327

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47918.exe

Filesize
184KB

MD5
811919ff4269d93fff074aa78439ad4a

SHA1
18f900e35a526433fce3f5c60866f8564d491167

SHA256
fb8ae3a48c8b1965794f00870db6848ff45ffcd2825f71fd17e4950a059f3308

SHA512
cb38e123c6d11e3122674307c967c0732c66885317be2e03f7314c19c6db516a7cce23beff14da55b7831ce900665c0c6f56aec7a244cf85f8cb207895b0e9e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe

Filesize
184KB

MD5
0c642b71a806147b267b933faf1f13f3

SHA1
a56d861a6d919e87ec05667a2744285be0d9a59f

SHA256
bca32e4919d4e15daa8278c580f962bf410067047b7181a3413aaffcae0f5b4c

SHA512
86194f2d12381a7e676e574d6b16a53953194d222e2f65d5d2259953eb6e422f4d30d0f230b1b564a8ef4909e543a59fbebe54fcbf23b43c8bced12e150c997f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65069.exe

Filesize
184KB

MD5
2aabc324f372f1469266b3ad633b610e

SHA1
63cb98d6a11221784e4c163dac0236974468595b

SHA256
0304d4f08ec8e428d8149b672b0807c8e2717449861d95f2e4efefafbc1b2150

SHA512
03a0086859ff0a768add8275ce5437f2ddd11b8a6b47391f4902d285caf7202c6f0ba51cdaa102403f972e3d7620254f7d770dc39e4dafdaf8b0d781ee6d195f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6792.exe

Filesize
184KB

MD5
cf2d802ddf249868ccaba01557a7ef39

SHA1
a24a77afc69789772d7e5d8877d35f86b2e79fc2

SHA256
c1e1bed9fa20fc048144d9dcb966268f41f4ae0d6d21af166be7209ba77f93b7

SHA512
a25850d273c2c7f3366dfa667da0080783d20e2457bf0d882ed524882b97429ce0b05ff206ed54bd651a43d7abeceeb4df1ff0a6c5fabdf085645f2781635f6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe

Filesize
184KB

MD5
c5f64308eb45be29159f7e16e89b1ff1

SHA1
12b7f7a473c5e3d07057b8bf42a67f39b05b6611

SHA256
48690f38b7d0876a2f31a85c5c2420cde027164c961b847a434e327fb0059ad3

SHA512
875968f2e05807b013ce98f169eedceec5f2e40ea6f13b6af425be91391737612fa5573b07167d36eb1be3ab2b5e81c653d166577c5e54cdf05d748746c6cdba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe

Filesize
184KB

MD5
3a853c35bbc4075c479a3da09d00594f

SHA1
1c2f29221d72a5958002e6638a4037b891d6efa7

SHA256
37da1d509b427fdd534ce9838042c5a6811657618cbf833065a46aa759183808

SHA512
ca506085c619bead13346d018a490147ccea1086e11a8e0c90b4adc8bf2d476dbacb2af8a0fdd9f9e0e8853d9ddf8f808cecaddf3b0bad34ea1935c05ad3b03f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17109.exe

Filesize
184KB

MD5
d17bddf18f8fae18512c1405841d6ea1

SHA1
e6b3b7a797c49027921a81b3cdd98f209cec2821

SHA256
21adc5eb81f3c535713bd6e306e5388d34ca4b5f8d9a7278ba6fc8eae647cac4

SHA512
cecd5f876179ccf433bae8742b047b0a0ddf9683a94904102f11bcc13573abc811885358074525d00e37bdfb7ef50b584246226f291d7e35b2115cb7c96db93d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21468.exe

Filesize
184KB

MD5
2b013088df8a5bf0cb8397872e9fa3fc

SHA1
4d1ccaa04412b6925bc8389f9a08882f71ae8f63

SHA256
17020151812b28cbf82aa975a86d29f2b017bda3292e6c989d88b65d048016ba

SHA512
e25c1a74dd195049049a934e917d511663a4e864e822790cba6c7c6e33f2c2170292c6a5ce94d7d72f2fc05a65c239d4944c9d0173d8f482fa42fbe1cd977e18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe

Filesize
184KB

MD5
d2c2c22e2ded34e770f9906804fb406d

SHA1
584798feb8cbebb71714ce10b9ef10de2f835a31

SHA256
c964873c1d6a5b9d69e9cec2afbbfa1ed02c7ff4d17c5ccd0450e9519ec5629e

SHA512
246593df04a9ff6e4923eb590c12848c8b9d5a2cd846eb0639fea30d9a6416cbcabc35f11340a197608bd6ff9bbc6633cd77d6d7b6dd39e3744d0676a3eede5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe

Filesize
184KB

MD5
e931544092addd4eefcdcb6a71416c93

SHA1
132558572999a094a8b9dbe9a37d98c93d7ee54a

SHA256
950942d091a0da7c52025b79a85b9db0dc905635d7b5c814a0aa8baeb5220143

SHA512
7b10d7501d3e9b807626faa03f061e47ae9d21e2eb6f818be1e3b6c291c0d5737091f67f72c3852716538c82ddef86a0da5de992f55cff1a3f8158b823d98956

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe

Filesize
184KB

MD5
737b7ec00ea399e47082295f30728eb3

SHA1
3a5beec825cc931f124afb3d00bcfb590e67a648

SHA256
5c5fce9da8a2c86d006154ff89967793d0c52f7359f2c1f7e38f93efb212cfcf

SHA512
c48172bababb2d0cde7bd99920c4771afa813e986079a842cefa298af041ec6bb6b809b8221fd7ad2edded3334f48e04b277cc41c75cfaa4503fecc831ac2485

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe

Filesize
184KB

MD5
5e86a835442f7aafa76e9ec27601d1f0

SHA1
cde2ac4b93c98a1e2a95ca4de82c916ab0c288ec

SHA256
bbfdeda17604e040835717ab3b1f505fc4a538d655d82a8053a5d5425d0e43e7

SHA512
d3f8384ac489599095061a8a32fa4d903da461fae66bfcf281aba12d91cf7b65320860c18967a13c88b29fb10ea7343aee5ced68930526b1a7e76adc2bf4a6d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe

Filesize
184KB

MD5
4e850003d6d86eeaee6fc8ad401a7d5b

SHA1
ce87b2db88c3572685a27cff7415a3684378aa32

SHA256
bfa1424f895c878a330f0f628b790b92b409c7544657c3bd194680660d993958

SHA512
37d84a9fd0aa8e0716666708c980b21532885979ec48d534c822f09c07cb1afa471c9887ae1c2c25dc8a2b56e88032cb8e12806109383c947338678d291beeb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7897.exe

Filesize
184KB

MD5
f8ad662c3c1f96af3d0286974b7fe50a

SHA1
c510f36853bf0b488527491db2dc0a6eadefa6f0

SHA256
9d27b362706a6fdb7dea1318fac7c1e42978451b311aef4333ecd391fc5eab31

SHA512
371dad2fbee33eda97d0c19f6e2bfab22973698fd730732f4a118f3481693be17fb91a5fa63902b2031e3d0a02167e71c43908754078b88db0310431d155f02e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads