5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 22:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
Size

184KB
MD5

ac19fa6eea02bf795e31eef25eac60b0
SHA1

49dcbf43052901b610cc22f880faa333a7dfa364
SHA256

5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7
SHA512

c4ff9e98960027e87f6f35664e255c09e3ebb187902632655d14987776616f71d96bb527f089015ced8529d0938f6304f84fb9115907b521a1618fee86c7d2fd
SSDEEP

1536:ABZY6jZ5Y3x8o5xWtRwAlvwMtY9kvBc86mdkWwgR2kQftIhl5hj5nizpv+:0ZI3x8of4RwudtuY26wgRg1IhlnViF2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1768	Unicorn-64161.exe
3056	Unicorn-9013.exe
2092	Unicorn-15598.exe
2444	Unicorn-59174.exe
2548	Unicorn-61867.exe
2524	Unicorn-16196.exe
2300	Unicorn-18225.exe
1612	Unicorn-44867.exe
1464	Unicorn-25001.exe
1824	Unicorn-14140.exe
2164	Unicorn-20917.exe
1716	Unicorn-34800.exe
2448	Unicorn-10850.exe
1616	Unicorn-23124.exe
540	Unicorn-57934.exe
488	Unicorn-38068.exe
1252	Unicorn-39220.exe
2896	Unicorn-326.exe
2380	Unicorn-55002.exe
860	Unicorn-42750.exe
1932	Unicorn-49527.exe
292	Unicorn-65308.exe
920	Unicorn-14716.exe
3012	Unicorn-34582.exe
1512	Unicorn-61032.exe
716	Unicorn-41166.exe
1560	Unicorn-57223.exe
2028	Unicorn-26497.exe
1712	Unicorn-18329.exe
2620	Unicorn-20829.exe
2884	Unicorn-32527.exe
2544	Unicorn-43387.exe
2600	Unicorn-20275.exe
2404	Unicorn-7830.exe
2440	Unicorn-7830.exe
2532	Unicorn-3746.exe
1960	Unicorn-18691.exe
1636	Unicorn-45334.exe
1548	Unicorn-65199.exe
1864	Unicorn-2075.exe
2608	Unicorn-17020.exe
1916	Unicorn-39386.exe
2136	Unicorn-59252.exe
2248	Unicorn-24442.exe
2144	Unicorn-31218.exe
2132	Unicorn-47000.exe
1132	Unicorn-38832.exe
1620	Unicorn-53777.exe
452	Unicorn-4021.exe
2388	Unicorn-65282.exe
1516	Unicorn-6522.exe
1860	Unicorn-14135.exe
1664	Unicorn-55723.exe
2772	Unicorn-16828.exe
1008	Unicorn-36694.exe
584	Unicorn-32418.exe
2948	Unicorn-59060.exe
2220	Unicorn-8468.exe
2944	Unicorn-35110.exe
2624	Unicorn-54976.exe
2612	Unicorn-50892.exe
2352	Unicorn-32200.exe
1244	Unicorn-4166.exe
692	Unicorn-46590.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
1768	Unicorn-64161.exe
1768	Unicorn-64161.exe
2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
2092	Unicorn-15598.exe
2092	Unicorn-15598.exe
1768	Unicorn-64161.exe
1768	Unicorn-64161.exe
3056	Unicorn-9013.exe
3056	Unicorn-9013.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2444	Unicorn-59174.exe
2444	Unicorn-59174.exe
2548	Unicorn-61867.exe
2092	Unicorn-15598.exe
2548	Unicorn-61867.exe
2092	Unicorn-15598.exe
2524	Unicorn-16196.exe
2524	Unicorn-16196.exe
3056	Unicorn-9013.exe
3056	Unicorn-9013.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
2244	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
2300	Unicorn-18225.exe
2300	Unicorn-18225.exe
2444	Unicorn-59174.exe
2444	Unicorn-59174.exe
2164	Unicorn-20917.exe
2164	Unicorn-20917.exe
1612	Unicorn-44867.exe
1612	Unicorn-44867.exe
2548	Unicorn-61867.exe
2548	Unicorn-61867.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1884	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1884	WerFault.exe
1448	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1824	Unicorn-14140.exe
1824	Unicorn-14140.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2516	2696	WerFault.exe	27
2812	1768	WerFault.exe	28
2244	2092	WerFault.exe	30
1268	3056	WerFault.exe	29
1448	2548	WerFault.exe	33
1884	2444	WerFault.exe	32
1792	2524	WerFault.exe	34
332	2300	WerFault.exe	36
1744	1464	WerFault.exe	38
1472	2164	WerFault.exe	40
900	1824	WerFault.exe	39
1756	1612	WerFault.exe	37
108	2448	WerFault.exe	44
1596	1716	WerFault.exe	43
2304	540	WerFault.exe	46
1040	1616	WerFault.exe	45
1692	488	WerFault.exe	47
3052	1252	WerFault.exe	51
1656	2896	WerFault.exe	52
2816	2380	WerFault.exe	53
3036	860	WerFault.exe	54
820	1932	WerFault.exe	55
1868	716	WerFault.exe	59
1908	920	WerFault.exe	57
2148	1512	WerFault.exe	60
1212	3012	WerFault.exe	58
2644	1560	WerFault.exe	66
2568	2028	WerFault.exe	67
2672	1712	WerFault.exe	68
896	2620	WerFault.exe	69
2076	2884	WerFault.exe	70
592	2544	WerFault.exe	71
268	2600	WerFault.exe	72
2116	2440	WerFault.exe	74
1776	2532	WerFault.exe	75
1080	2404	WerFault.exe	73
2780	1548	WerFault.exe	78
1644	1636	WerFault.exe	77
3044	1960	WerFault.exe	76
3148	1864	WerFault.exe	83
3180	452	WerFault.exe	93
3196	1860	WerFault.exe	96
3368	1916	WerFault.exe	86
2668	1516	WerFault.exe	95
3612	1620	WerFault.exe	92
3732	584	WerFault.exe	100
2564	2944	WerFault.exe	103
3816	2220	WerFault.exe	102
3880	2624	WerFault.exe	104
3920	2132	WerFault.exe	90
3592	1132	WerFault.exe	91
3144	2612	WerFault.exe	105
4036	2144	WerFault.exe	89
4044	2248	WerFault.exe	88
3292	2608	WerFault.exe	84
3440	2772	WerFault.exe	98
3104	2136	WerFault.exe	87
3588	1008	WerFault.exe	99
3904	3188	WerFault.exe	175
3448	1324	WerFault.exe	145
4108	2376	WerFault.exe	141
4124	1820	WerFault.exe	122
4152	760	WerFault.exe	138
4144	2732	WerFault.exe	125

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
1768	Unicorn-64161.exe
3056	Unicorn-9013.exe
2092	Unicorn-15598.exe
2444	Unicorn-59174.exe
2524	Unicorn-16196.exe
2548	Unicorn-61867.exe
2300	Unicorn-18225.exe
1612	Unicorn-44867.exe
1464	Unicorn-25001.exe
2164	Unicorn-20917.exe
1824	Unicorn-14140.exe
1716	Unicorn-34800.exe
2448	Unicorn-10850.exe
540	Unicorn-57934.exe
1616	Unicorn-23124.exe
488	Unicorn-38068.exe
1252	Unicorn-39220.exe
2896	Unicorn-326.exe
2380	Unicorn-55002.exe
860	Unicorn-42750.exe
1932	Unicorn-49527.exe
3012	Unicorn-34582.exe
1512	Unicorn-61032.exe
292	Unicorn-65308.exe
920	Unicorn-14716.exe
716	Unicorn-41166.exe
1560	Unicorn-57223.exe
2028	Unicorn-26497.exe
1712	Unicorn-18329.exe
2620	Unicorn-20829.exe
2884	Unicorn-32527.exe
2544	Unicorn-43387.exe
2600	Unicorn-20275.exe
2440	Unicorn-7830.exe
2404	Unicorn-7830.exe
2532	Unicorn-3746.exe
1960	Unicorn-18691.exe
1636	Unicorn-45334.exe
1548	Unicorn-65199.exe
1864	Unicorn-2075.exe
2608	Unicorn-17020.exe
1916	Unicorn-39386.exe
2136	Unicorn-59252.exe
2248	Unicorn-24442.exe
2144	Unicorn-31218.exe
2132	Unicorn-47000.exe
1132	Unicorn-38832.exe
1620	Unicorn-53777.exe
452	Unicorn-4021.exe
2388	Unicorn-65282.exe
1516	Unicorn-6522.exe
1860	Unicorn-14135.exe
1664	Unicorn-55723.exe
2772	Unicorn-16828.exe
2948	Unicorn-59060.exe
1008	Unicorn-36694.exe
584	Unicorn-32418.exe
2220	Unicorn-8468.exe
2624	Unicorn-54976.exe
2944	Unicorn-35110.exe
2612	Unicorn-50892.exe
2352	Unicorn-32200.exe
1244	Unicorn-4166.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 1768	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	28
PID 2696 wrote to memory of 1768	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	28
PID 2696 wrote to memory of 1768	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	28
PID 2696 wrote to memory of 1768	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	28
PID 1768 wrote to memory of 3056	1768	Unicorn-64161.exe	29
PID 1768 wrote to memory of 3056	1768	Unicorn-64161.exe	29
PID 1768 wrote to memory of 3056	1768	Unicorn-64161.exe	29
PID 1768 wrote to memory of 3056	1768	Unicorn-64161.exe	29
PID 2696 wrote to memory of 2092	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	30
PID 2696 wrote to memory of 2092	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	30
PID 2696 wrote to memory of 2092	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	30
PID 2696 wrote to memory of 2092	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	30
PID 2696 wrote to memory of 2516	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	31
PID 2696 wrote to memory of 2516	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	31
PID 2696 wrote to memory of 2516	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	31
PID 2696 wrote to memory of 2516	2696	5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe	31
PID 2092 wrote to memory of 2444	2092	Unicorn-15598.exe	32
PID 2092 wrote to memory of 2444	2092	Unicorn-15598.exe	32
PID 2092 wrote to memory of 2444	2092	Unicorn-15598.exe	32
PID 2092 wrote to memory of 2444	2092	Unicorn-15598.exe	32
PID 1768 wrote to memory of 2548	1768	Unicorn-64161.exe	33
PID 1768 wrote to memory of 2548	1768	Unicorn-64161.exe	33
PID 1768 wrote to memory of 2548	1768	Unicorn-64161.exe	33
PID 1768 wrote to memory of 2548	1768	Unicorn-64161.exe	33
PID 3056 wrote to memory of 2524	3056	Unicorn-9013.exe	34
PID 3056 wrote to memory of 2524	3056	Unicorn-9013.exe	34
PID 3056 wrote to memory of 2524	3056	Unicorn-9013.exe	34
PID 3056 wrote to memory of 2524	3056	Unicorn-9013.exe	34
PID 1768 wrote to memory of 2812	1768	Unicorn-64161.exe	35
PID 1768 wrote to memory of 2812	1768	Unicorn-64161.exe	35
PID 1768 wrote to memory of 2812	1768	Unicorn-64161.exe	35
PID 1768 wrote to memory of 2812	1768	Unicorn-64161.exe	35
PID 2444 wrote to memory of 2300	2444	Unicorn-59174.exe	36
PID 2444 wrote to memory of 2300	2444	Unicorn-59174.exe	36
PID 2444 wrote to memory of 2300	2444	Unicorn-59174.exe	36
PID 2444 wrote to memory of 2300	2444	Unicorn-59174.exe	36
PID 2548 wrote to memory of 1612	2548	Unicorn-61867.exe	37
PID 2548 wrote to memory of 1612	2548	Unicorn-61867.exe	37
PID 2548 wrote to memory of 1612	2548	Unicorn-61867.exe	37
PID 2548 wrote to memory of 1612	2548	Unicorn-61867.exe	37
PID 2092 wrote to memory of 1464	2092	Unicorn-15598.exe	38
PID 2092 wrote to memory of 1464	2092	Unicorn-15598.exe	38
PID 2092 wrote to memory of 1464	2092	Unicorn-15598.exe	38
PID 2092 wrote to memory of 1464	2092	Unicorn-15598.exe	38
PID 2524 wrote to memory of 1824	2524	Unicorn-16196.exe	39
PID 2524 wrote to memory of 1824	2524	Unicorn-16196.exe	39
PID 2524 wrote to memory of 1824	2524	Unicorn-16196.exe	39
PID 2524 wrote to memory of 1824	2524	Unicorn-16196.exe	39
PID 3056 wrote to memory of 2164	3056	Unicorn-9013.exe	40
PID 3056 wrote to memory of 2164	3056	Unicorn-9013.exe	40
PID 3056 wrote to memory of 2164	3056	Unicorn-9013.exe	40
PID 3056 wrote to memory of 2164	3056	Unicorn-9013.exe	40
PID 2092 wrote to memory of 2244	2092	Unicorn-15598.exe	41
PID 2092 wrote to memory of 2244	2092	Unicorn-15598.exe	41
PID 2092 wrote to memory of 2244	2092	Unicorn-15598.exe	41
PID 2092 wrote to memory of 2244	2092	Unicorn-15598.exe	41
PID 3056 wrote to memory of 1268	3056	Unicorn-9013.exe	42
PID 3056 wrote to memory of 1268	3056	Unicorn-9013.exe	42
PID 3056 wrote to memory of 1268	3056	Unicorn-9013.exe	42
PID 3056 wrote to memory of 1268	3056	Unicorn-9013.exe	42
PID 2300 wrote to memory of 1716	2300	Unicorn-18225.exe	43
PID 2300 wrote to memory of 1716	2300	Unicorn-18225.exe	43
PID 2300 wrote to memory of 1716	2300	Unicorn-18225.exe	43
PID 2300 wrote to memory of 1716	2300	Unicorn-18225.exe	43

C:\Users\Admin\AppData\Local\Temp\5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe
"C:\Users\Admin\AppData\Local\Temp\5f78870b1d6575d2caf15d1144942b0229e42affb741cee8fdffd7386322b2c7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32200.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28438.exe
        11⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        12⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        13⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        14⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43755.exe
        15⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 236
        15⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        14⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        13⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        12⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        11⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        11⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        12⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
        13⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        14⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        12⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        11⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        10⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
        11⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        12⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15119.exe
        13⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        14⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        11⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        10⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        9⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        11⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        12⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        13⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21431.exe
        14⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        13⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        11⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-212.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        11⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe
        12⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        13⤵
        
        PID:944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
        13⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 236
        12⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        9⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        8⤵
        Program crash
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17020.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        8⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21016.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        11⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        12⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        13⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 220
        13⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 204
        12⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        11⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        11⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 220
        10⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        11⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        12⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 236
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        10⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        8⤵
        Program crash
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        7⤵
        Program crash
        
        PID:3052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        6⤵
        Program crash
        
        PID:900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        6⤵
        Program crash
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
        8⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34468.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        11⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        12⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28379.exe
        13⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51363.exe
        14⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        11⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
        12⤵
        
        PID:1136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        12⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 236
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18703.exe
        11⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        12⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23387.exe
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
        13⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        12⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 236
        11⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        11⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 220
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 220
        8⤵
        Program crash
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        7⤵
        Program crash
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60404.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45607.exe
        9⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22432.exe
        10⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        10⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        9⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        8⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        7⤵
        
        PID:4780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
        6⤵
        Program crash
        
        PID:1908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 220
        5⤵
        Program crash
        
        PID:1472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
        11⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53897.exe
        12⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
        13⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        14⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        14⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        13⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        12⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1364.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        11⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34009.exe
        12⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        13⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        12⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
        11⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        12⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        13⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
        13⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        11⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        8⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47763.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        11⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        12⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        13⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
        13⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        12⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        10⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
        9⤵
        Program crash
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
        8⤵
        Program crash
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54997.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        11⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
        12⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        13⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 236
        13⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        12⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        9⤵
        Program crash
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8972.exe
        10⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        11⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
        12⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        11⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        9⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        8⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        7⤵
        Program crash
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        10⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
        11⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        12⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        13⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
        13⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        12⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        9⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 212
        12⤵
        
        PID:2284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 204
        11⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14088.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34201.exe
        11⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
        12⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        12⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        11⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31514.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        10⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        11⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        11⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 212
        11⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 220
        10⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 220
        8⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        7⤵
        Program crash
        
        PID:1644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2075.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32330.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27949.exe
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19526.exe
        12⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32972.exe
        13⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        11⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        8⤵
        Program crash
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        7⤵
        Program crash
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        7⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
        12⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        12⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21033.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        10⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 220
        11⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        8⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        7⤵
        Program crash
        
        PID:2564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 240
        6⤵
        Program crash
        
        PID:1868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        5⤵
        Program crash
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36694.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        10⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        11⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        12⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 216
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42478.exe
        11⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        12⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        10⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
        8⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        10⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        11⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        12⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
        10⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        8⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        Program crash
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        11⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        12⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
        12⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        11⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        8⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        10⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57808.exe
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 236
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        10⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
        9⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        8⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:3440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        6⤵
        Program crash
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        7⤵
        
        PID:724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-233.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9696.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
        12⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 220
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 204
        11⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        10⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7010.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        10⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41944.exe
        11⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        11⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        10⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 240
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7119.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59172.exe
        10⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        11⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 220
        11⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 220
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        9⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        8⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        7⤵
        Program crash
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        6⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        10⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8799.exe
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 236
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        9⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        7⤵
        
        PID:4184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        6⤵
        Program crash
        
        PID:3044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
        5⤵
        Program crash
        
        PID:1692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1448
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        9⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32714.exe
        11⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        12⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        13⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        14⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        15⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 216
        15⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        14⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        13⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        12⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57254.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24105.exe
        12⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        13⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65073.exe
        14⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
        14⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        13⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        12⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 240
        11⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
        10⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        11⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        12⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
        13⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45644.exe
        14⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 220
        14⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        13⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        12⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1167.exe
        11⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        12⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        13⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 220
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        12⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 220
        11⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
        9⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 224
        10⤵
        Program crash
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        9⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45729.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        12⤵
        
        PID:8216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        13⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 220
        13⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 220
        12⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
        11⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17440.exe
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 220
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        10⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        9⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        8⤵
        Program crash
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        11⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
        12⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
        13⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        12⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        9⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        7⤵
        Program crash
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        8⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32387.exe
        11⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        12⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        13⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        14⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
        14⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        13⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        12⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
        12⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37461.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36990.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38301.exe
        12⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17731.exe
        13⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        9⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
        8⤵
        Program crash
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        7⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55272.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        12⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 236
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        10⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
        11⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
        11⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        13⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63113.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        11⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60003.exe
        12⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 236
        12⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 220
        11⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        10⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        8⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        7⤵
        Program crash
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21894.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51222.exe
        12⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        13⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        13⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        12⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 236
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
        11⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        12⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 220
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 220
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        10⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
        11⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
        12⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 220
        11⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30680.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        10⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        11⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        9⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:2668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        6⤵
        Program crash
        
        PID:820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        5⤵
        Program crash
        
        PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        12⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        13⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
        13⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        12⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        10⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        Program crash
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41920.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 236
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        8⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        11⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35006.exe
        12⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        10⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        9⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        7⤵
        Program crash
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22325.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29865.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        11⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        12⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 236
        12⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        8⤵
        Program crash
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
        10⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        11⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        10⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        9⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 220
        8⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        7⤵
        Program crash
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20829.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        11⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52058.exe
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        11⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        10⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
        11⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        11⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 220
        10⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        9⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
        10⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        11⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
        11⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 220
        10⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        8⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 220
        7⤵
        Program crash
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        10⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
        11⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 236
        11⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 236
        10⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
        9⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        9⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        10⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        10⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        9⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        8⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
        7⤵
        
        PID:5620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        6⤵
        Program crash
        
        PID:896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        5⤵
        Program crash
        
        PID:108
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        9⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33921.exe
        10⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        11⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 236
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        10⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        9⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        8⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 220
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        10⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        10⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 236
        9⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        8⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        7⤵
        
        PID:4384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Program crash
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39386.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14273.exe
        10⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
        11⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        11⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21976.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        8⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13780.exe
        9⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44658.exe
        10⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 220
        10⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        9⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        8⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        6⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        9⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        10⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        10⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 220
        9⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        8⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        7⤵
        
        PID:5808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:3368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        5⤵
        Program crash
        
        PID:1656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
      4⤵
      Program crash
      PID:1744
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
  2⤵
  - Program crash
  PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14140.exe

Filesize
184KB

MD5
ae7a6c5ed88899142df5a0107471cf36

SHA1
09ce2481878b274770c48a5cd4c5f49b5c4dd986

SHA256
ad5ee0527418ee62642f2312846e62883585dc0bbbbd65d020986ddced256147

SHA512
8cd07f959291e98ad27e2f0b4134abb922d8d8c56320908cd7375d76613e1a6010da0f8650f0e29457bb5d9b160ddaa266a747683746a339f4d02a3b897f26b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14740.exe

Filesize
184KB

MD5
15ed18a64a28dd336bd78b52bd895df3

SHA1
7285b874b4fd77cb65dc0633e995d117839c4d67

SHA256
d1c3494a7ed897ddceb86278276b72be57be822a1095cff3bdf97fc22108d544

SHA512
d19d9053f1c3bd80b93047f1d68a4a7d3e08b4d53c146f192c5c954b240839c4c854baea503f64ca2b1d5c5ff4736b7420373b4274b5a2dbb8852ce53cd77e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe

Filesize
184KB

MD5
3457b88684f2b08e74aed8381a9826be

SHA1
791e330bbb065734833eb40c919f8568c31b0dd1

SHA256
44b9cdda4fecdc3037560c9fab499c01abd4a51e3d17b6efc1467c09de8dd318

SHA512
932d0510c04a6d9aa54f371821c4c807d13408500815a3118bcb34bc034169ddfb68c27f52c326ae5ebd65a9e76c698b0066036b1a307635e99e582c3f7565e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe

Filesize
184KB

MD5
b332672bf08ef0922c71e5b4f5be417e

SHA1
9df881df3301d6167bd4d568be939799da99609c

SHA256
5501527468dba4e105540ae2340c63a7fa1374eea2f449ed535538bb417cea2a

SHA512
62d9c429ab7c2f959f034378b9e5a78aed9defe3637641ba150a858b0150013814de7d00260a27a5e894cbfcce2ed266c9e4ba2b2064767adab24ef6fd720651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe

Filesize
184KB

MD5
b25a290216c58e94b72e873dfd0840eb

SHA1
a0f8029962d003429e7b7e895206817ec7f371d9

SHA256
35382d719b6951bf83bbfc63710dbdbc081251d300c07533a5125e57e59ff6a9

SHA512
5c47c2711c771dbe89cefc392cdc13a9e13f0e2baea9ab16e817fa472f394755a426d1f2a06815ad0a60c0e8789e7a9b8787f630777da96c0008b739ec38cd42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25001.exe

Filesize
184KB

MD5
ee71102e2e7ca1cae5701a8ded3c63ec

SHA1
c56a3b535f8de502feda27d812ae7228634914c8

SHA256
4a667af467a977abd13edfbcf6cc279a4f6a42c5143f4b0d3bf39ee1945a9629

SHA512
42fe9eda3e8d544e95053a9cdcad9d3b2fb256aa0fc8d1b4aff6e4de904b05260d128e14e8bd24115b79f3712bce1d228782a4855230cc6db39e7f1c5b0fe759

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44867.exe

Filesize
184KB

MD5
728f3c669ada2164039d6b0f8bec1c5e

SHA1
7204edb13c7c752b7cd28e7d4af769fe6a4de6ba

SHA256
4cdaeba2bbc8b63bbbae85c9a6e40f864e28f518b5aa25b1d660d938863c8d2f

SHA512
0535cae0b2191412cf8ee96377e59122ef628166853ae0c85241176d706f2b79c3b417749fee21d51369922e97644d1dbb75c86e8c0912d107b6076150bae894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe

Filesize
184KB

MD5
8752f0e69fd49f0e71ee20cd6542e8e1

SHA1
f20430f225954e242abaf71a95cb0217084d5091

SHA256
32615b478590ec6d388f2ea270c602e5c7de1792749c377cc2fad55ae8dfb95c

SHA512
9f611a57533610b60bbe4c8569f8d528568491426141f2b6cf4bdc2197b15f9e914ddbb2b48e4583bc76b25b45230a1b63d6f0ec1b348c69f62c361c9af63ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe

Filesize
184KB

MD5
4f28423c5c4c054426824f3600e0002e

SHA1
f32a146eeff401b4906b47ae67749bb96f608984

SHA256
e564e72895e3d61e3bf7508477130d8ed458e475ccc4ab37ed867395a3f124bc

SHA512
e42cb443c3b1298a861fa382c7a780184d9d86b0a452f22840bd2cb5204a0820caa87008d9e197652428ed41fb52a7b8748d2136357522cc2d47144840105feb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe

Filesize
184KB

MD5
43d18ff87638021f567bcd6e7fcff6aa

SHA1
0032ad21691b87060a3efb9e978852c0b2614d59

SHA256
73d46087f647792679a5f6217140eea1e935e13e039e00f3a7a3cdb8d286f88f

SHA512
8605a3c07210e100e3129845eccfce5d62b13f3eb5003b9622fc73af2c9b0b7d36fd4122c427413e6640ad3a7335107acd734e5fc8551cee3572429709bfe76a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe

Filesize
184KB

MD5
8e4c7ec025de9b3950669cda1655942f

SHA1
98d0aa3c4dd17458b7572264362fa6fcfea6921b

SHA256
2a6d7a8d7d2838e918bffca3d940076015c71282646e724f12c3209c79e59114

SHA512
626668f4aa6770be3a6866a4218ca1ebadcdb0a62bf254e44c6985c920c96618abc58a48637ebbeb5ea82117a8cca07d8050b493a458dec5c7ba8ecf6a8559f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe

Filesize
184KB

MD5
ee5f32dc2aae6be848e9905741e3eaca

SHA1
59f67c716453b469018a966c1543e42df4e1d758

SHA256
776320e357270caca96b253cb21639c3db145d4825a1dfba2d71035845b4fabf

SHA512
c81c3c9b2a95b7ce86313ab7ea45442be04f543646d8b9acfcece3f476b6d7f654c1d8e0683b97bf90b6504e4e342007655b0dd51c8dcbd41964e89d05e40ed0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe

Filesize
184KB

MD5
c73db8be81ceae8dc3f116b5529ad206

SHA1
0d454da6b0e75335ebf2df19d0e084d29f31bffd

SHA256
7aa956be46614b30a5deb759e6c9b96429550a167e63e58053133cdeaff1e13b

SHA512
9a5a6c9cd81fba93ba0b86cd840f195e606f4e239df3745f0bd1488f5c624feacf36372e6ea81afd957a225e2e6d6567871ced8da19acdaece2b022bdc9b0719

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe

Filesize
184KB

MD5
0c87c0715385905452736d686d3a8aa0

SHA1
1036a0f8d4a303f596e5c5c0673e2848772b355c

SHA256
55036008ffc9c639f3493a249d06384a943a4ff152d56aa78209a2e7873bb2b7

SHA512
1c546aeb201c35900afe0b0d0a9849c4836324688723308264d4b3a9fbe61ecf06c49ed73aab3ddec31faa306abb1ba284f62db75c7344c067f3a387d72a3812

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe

Filesize
184KB

MD5
ce7c8477a9e385571d6f09267c7bc340

SHA1
d8dbe785a013a6e4661ef44a54a9c43fcb0d1677

SHA256
909eea422209fbd00e3f3561adf79dd68b3c5d9b7611898e5d45e4ce30958d24

SHA512
0ce73d73564264129f5b546fbd6c2dd006cffb69fc90b7bc4e5f95aea8217c88898028b02183195575376b76cf1077bf4cf0cf3bb1613d0fafea8e72d4db9989

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe

Filesize
184KB

MD5
7640ddf8978587995060ab886c3757b8

SHA1
7a6c8ece82b2b5f27bafe7d14271c588e6935cdc

SHA256
0c7a2e3e6f3be912fddb62d9fcb37144d84aa0b1720a299a1be545f9ec5ca590

SHA512
b51127659fba538b5cf5048314de010fc6055352e462210c5b6a7800a73a4f1eeb9fb4fdeae8c09735eb6b9165bc8459a225facbe9a4afb85caca6014f646cb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe

Filesize
184KB

MD5
84c875ac8b2f9106ea81ea2fc33d704d

SHA1
f2d25b7e66336db1b465e8bc030871d29185cb1c

SHA256
eacf8da150555fb45e3c6153a6fbdaaab3de80e1d47cf7bbd38551a75f3d90db

SHA512
c39db6aea8406afb23ced6478e9d27ccb496a3b15f562a9f3f8fd3d720acea6779e5e8e1e161e4be2064c95014c6d45305cc9500e4869a38293b286c90ecadf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe

Filesize
184KB

MD5
42a3ba19929e5d24456245bcad6c5a09

SHA1
17907f347d488fb7d74119fbd4efd3b74eafe1c6

SHA256
49bd8e989e7e23e9a713eeb6885fcd6a24c7545b9f2e05fcf4af70c6130d79b2

SHA512
7b764992a3bdc1490e1404235acdeb2e9940b8e2b92802abf489046e84a52b349e70ef6054fbf4200a303738e5cb03e4d2dc7379665856b561eef83ae4ae250f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads