76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
Size

184KB
MD5

d33e50b2731540662e8564432383314a
SHA1

09c30cf82fe17102ee78de77b7b9bb3cf319da8e
SHA256

76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f
SHA512

ebd051b0f58711d27b2d647bee589ffe8507ad6d4fb78644cd2b0765e85ab49c74031328754b2223e7db34f8f311eee066d3dcc6db7011368aebdd88a3fa195d
SSDEEP

1536:d7KU6j4AuFcRotx1tPiAlpwMG2Iy6hclDmdXqS8YrbzmtEhl5hj5nizpvu:t48FcRoTfPiodGtzW7S8YrEEhlnViFW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2352	Unicorn-720.exe
2632	Unicorn-31338.exe
2680	Unicorn-11472.exe
2664	Unicorn-58063.exe
2712	Unicorn-42281.exe
1120	Unicorn-62147.exe
1652	Unicorn-49101.exe
2916	Unicorn-33319.exe
2288	Unicorn-57269.exe
1660	Unicorn-6677.exe
1916	Unicorn-61353.exe
1516	Unicorn-6169.exe
1444	Unicorn-55925.exe
2092	Unicorn-53808.exe
2028	Unicorn-38026.exe
1724	Unicorn-57892.exe
696	Unicorn-61976.exe
1088	Unicorn-46195.exe
988	Unicorn-523.exe
1636	Unicorn-33471.exe
2264	Unicorn-52500.exe
1780	Unicorn-37555.exe
928	Unicorn-23165.exe
1036	Unicorn-35609.exe
2984	Unicorn-19827.exe
2308	Unicorn-4882.exe
2024	Unicorn-54638.exe
2992	Unicorn-47861.exe
2440	Unicorn-27995.exe
2472	Unicorn-51945.exe
1760	Unicorn-32079.exe
2824	Unicorn-20233.exe
2700	Unicorn-31093.exe
2628	Unicorn-24317.exe
2920	Unicorn-28401.exe
2560	Unicorn-39261.exe
2256	Unicorn-63211.exe
2836	Unicorn-16895.exe
3028	Unicorn-14202.exe
2840	Unicorn-33231.exe
1580	Unicorn-57181.exe
2348	Unicorn-46683.exe
3040	Unicorn-20041.exe
1972	Unicorn-20041.exe
1628	Unicorn-30901.exe
2880	Unicorn-4259.exe
1524	Unicorn-28209.exe
2060	Unicorn-58935.exe
1768	Unicorn-12427.exe
2104	Unicorn-58935.exe
2004	Unicorn-49096.exe
2184	Unicorn-33122.exe
1832	Unicorn-30430.exe
680	Unicorn-61156.exe
1788	Unicorn-45375.exe
2620	Unicorn-65240.exe
2244	Unicorn-46766.exe
1720	Unicorn-11955.exe
1800	Unicorn-57627.exe
2828	Unicorn-55681.exe
2852	Unicorn-10009.exe
2652	Unicorn-48904.exe
2616	Unicorn-53564.exe
2900	Unicorn-7056.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
2352	Unicorn-720.exe
2352	Unicorn-720.exe
2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
2680	Unicorn-11472.exe
2680	Unicorn-11472.exe
2632	Unicorn-31338.exe
2352	Unicorn-720.exe
2632	Unicorn-31338.exe
2352	Unicorn-720.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
2664	Unicorn-58063.exe
2664	Unicorn-58063.exe
2680	Unicorn-11472.exe
2680	Unicorn-11472.exe
2712	Unicorn-42281.exe
2712	Unicorn-42281.exe
2632	Unicorn-31338.exe
2632	Unicorn-31338.exe
1120	Unicorn-62147.exe
1120	Unicorn-62147.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
1432	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
1432	WerFault.exe
1652	Unicorn-49101.exe
1652	Unicorn-49101.exe
2664	Unicorn-58063.exe
2664	Unicorn-58063.exe
2288	Unicorn-57269.exe
2288	Unicorn-57269.exe
2712	Unicorn-42281.exe
2712	Unicorn-42281.exe
2916	Unicorn-33319.exe
2916	Unicorn-33319.exe
1916	Unicorn-61353.exe
1916	Unicorn-61353.exe
1660	Unicorn-6677.exe
1120	Unicorn-62147.exe
1660	Unicorn-6677.exe
1120	Unicorn-62147.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2164	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2696	2220	WerFault.exe	27
1252	2352	WerFault.exe	28
1432	2680	WerFault.exe	30
2904	2632	WerFault.exe	29
1840	2664	WerFault.exe	32
2604	2712	WerFault.exe	34
2164	1120	WerFault.exe	33
2948	988	WerFault.exe	49
2296	1652	WerFault.exe	36
1816	2288	WerFault.exe	38
2280	2916	WerFault.exe	37
2404	1916	WerFault.exe	40
2796	1660	WerFault.exe	39
2240	1516	WerFault.exe	43
476	1444	WerFault.exe	44
1496	2028	WerFault.exe	46
580	2092	WerFault.exe	45
632	1724	WerFault.exe	47
1056	1088	WerFault.exe	50
1596	696	WerFault.exe	48
2968	2620	WerFault.exe	103
1512	1636	WerFault.exe	54
1604	2264	WerFault.exe	55
1716	1780	WerFault.exe	56
2944	928	WerFault.exe	57
2820	1036	WerFault.exe	58
1964	2984	WerFault.exe	59
2780	2308	WerFault.exe	60
1732	1760	WerFault.exe	65
3052	2472	WerFault.exe	66
1620	2024	WerFault.exe	61
2036	2440	WerFault.exe	63
2344	2992	WerFault.exe	64
2588	2688	WerFault.exe	150
2844	2496	WerFault.exe	149
3356	2824	WerFault.exe	72
3380	2836	WerFault.exe	78
3396	2920	WerFault.exe	75
3388	2628	WerFault.exe	74
3452	2840	WerFault.exe	80
3516	1580	WerFault.exe	81
3552	1768	WerFault.exe	88
3600	3028	WerFault.exe	79
3592	2348	WerFault.exe	82
3628	2880	WerFault.exe	86
3660	2104	WerFault.exe	89
3700	1628	WerFault.exe	85
3692	1524	WerFault.exe	87
3712	1972	WerFault.exe	84
3888	2060	WerFault.exe	90
3924	3040	WerFault.exe	83
3732	1788	WerFault.exe	102
3876	2184	WerFault.exe	99
3176	1800	WerFault.exe	106
3920	1640	WerFault.exe	125
3960	2172	WerFault.exe	119
3964	1272	WerFault.exe	117
3980	2508	WerFault.exe	121
3084	2500	WerFault.exe	122
3088	2724	WerFault.exe	116
3228	2004	WerFault.exe	98
3524	2560	WerFault.exe	76
4776	680	WerFault.exe	101
4856	1756	WerFault.exe	143

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
2352	Unicorn-720.exe
2680	Unicorn-11472.exe
2632	Unicorn-31338.exe
2664	Unicorn-58063.exe
1120	Unicorn-62147.exe
2712	Unicorn-42281.exe
1652	Unicorn-49101.exe
2916	Unicorn-33319.exe
2288	Unicorn-57269.exe
1916	Unicorn-61353.exe
1660	Unicorn-6677.exe
1516	Unicorn-6169.exe
1444	Unicorn-55925.exe
2092	Unicorn-53808.exe
2028	Unicorn-38026.exe
1724	Unicorn-57892.exe
696	Unicorn-61976.exe
1088	Unicorn-46195.exe
988	Unicorn-523.exe
1636	Unicorn-33471.exe
2264	Unicorn-52500.exe
1780	Unicorn-37555.exe
928	Unicorn-23165.exe
1036	Unicorn-35609.exe
2984	Unicorn-19827.exe
2308	Unicorn-4882.exe
2992	Unicorn-47861.exe
2024	Unicorn-54638.exe
2472	Unicorn-51945.exe
2440	Unicorn-27995.exe
1760	Unicorn-32079.exe
2824	Unicorn-20233.exe
2700	Unicorn-31093.exe
2628	Unicorn-24317.exe
2920	Unicorn-28401.exe
2560	Unicorn-39261.exe
2836	Unicorn-16895.exe
2256	Unicorn-63211.exe
3028	Unicorn-14202.exe
1580	Unicorn-57181.exe
2840	Unicorn-33231.exe
2348	Unicorn-46683.exe
1628	Unicorn-30901.exe
3040	Unicorn-20041.exe
2880	Unicorn-4259.exe
1972	Unicorn-20041.exe
1524	Unicorn-28209.exe
2060	Unicorn-58935.exe
1768	Unicorn-12427.exe
2104	Unicorn-58935.exe
2004	Unicorn-49096.exe
2184	Unicorn-33122.exe
1832	Unicorn-30430.exe
680	Unicorn-61156.exe
1788	Unicorn-45375.exe
2620	Unicorn-65240.exe
1800	Unicorn-57627.exe
2244	Unicorn-46766.exe
1720	Unicorn-11955.exe
2828	Unicorn-55681.exe
2852	Unicorn-10009.exe
2652	Unicorn-48904.exe
2616	Unicorn-53564.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2352	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	28
PID 2220 wrote to memory of 2352	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	28
PID 2220 wrote to memory of 2352	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	28
PID 2220 wrote to memory of 2352	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	28
PID 2352 wrote to memory of 2632	2352	Unicorn-720.exe	29
PID 2352 wrote to memory of 2632	2352	Unicorn-720.exe	29
PID 2352 wrote to memory of 2632	2352	Unicorn-720.exe	29
PID 2352 wrote to memory of 2632	2352	Unicorn-720.exe	29
PID 2220 wrote to memory of 2680	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	30
PID 2220 wrote to memory of 2680	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	30
PID 2220 wrote to memory of 2680	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	30
PID 2220 wrote to memory of 2680	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	30
PID 2220 wrote to memory of 2696	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	31
PID 2220 wrote to memory of 2696	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	31
PID 2220 wrote to memory of 2696	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	31
PID 2220 wrote to memory of 2696	2220	76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe	31
PID 2680 wrote to memory of 2664	2680	Unicorn-11472.exe	32
PID 2680 wrote to memory of 2664	2680	Unicorn-11472.exe	32
PID 2680 wrote to memory of 2664	2680	Unicorn-11472.exe	32
PID 2680 wrote to memory of 2664	2680	Unicorn-11472.exe	32
PID 2632 wrote to memory of 1120	2632	Unicorn-31338.exe	33
PID 2632 wrote to memory of 1120	2632	Unicorn-31338.exe	33
PID 2632 wrote to memory of 1120	2632	Unicorn-31338.exe	33
PID 2632 wrote to memory of 1120	2632	Unicorn-31338.exe	33
PID 2352 wrote to memory of 2712	2352	Unicorn-720.exe	34
PID 2352 wrote to memory of 2712	2352	Unicorn-720.exe	34
PID 2352 wrote to memory of 2712	2352	Unicorn-720.exe	34
PID 2352 wrote to memory of 2712	2352	Unicorn-720.exe	34
PID 2352 wrote to memory of 1252	2352	Unicorn-720.exe	35
PID 2352 wrote to memory of 1252	2352	Unicorn-720.exe	35
PID 2352 wrote to memory of 1252	2352	Unicorn-720.exe	35
PID 2352 wrote to memory of 1252	2352	Unicorn-720.exe	35
PID 2664 wrote to memory of 1652	2664	Unicorn-58063.exe	36
PID 2664 wrote to memory of 1652	2664	Unicorn-58063.exe	36
PID 2664 wrote to memory of 1652	2664	Unicorn-58063.exe	36
PID 2664 wrote to memory of 1652	2664	Unicorn-58063.exe	36
PID 2680 wrote to memory of 2916	2680	Unicorn-11472.exe	37
PID 2680 wrote to memory of 2916	2680	Unicorn-11472.exe	37
PID 2680 wrote to memory of 2916	2680	Unicorn-11472.exe	37
PID 2680 wrote to memory of 2916	2680	Unicorn-11472.exe	37
PID 2712 wrote to memory of 2288	2712	Unicorn-42281.exe	38
PID 2712 wrote to memory of 2288	2712	Unicorn-42281.exe	38
PID 2712 wrote to memory of 2288	2712	Unicorn-42281.exe	38
PID 2712 wrote to memory of 2288	2712	Unicorn-42281.exe	38
PID 2632 wrote to memory of 1660	2632	Unicorn-31338.exe	39
PID 2632 wrote to memory of 1660	2632	Unicorn-31338.exe	39
PID 2632 wrote to memory of 1660	2632	Unicorn-31338.exe	39
PID 2632 wrote to memory of 1660	2632	Unicorn-31338.exe	39
PID 1120 wrote to memory of 1916	1120	Unicorn-62147.exe	40
PID 1120 wrote to memory of 1916	1120	Unicorn-62147.exe	40
PID 1120 wrote to memory of 1916	1120	Unicorn-62147.exe	40
PID 1120 wrote to memory of 1916	1120	Unicorn-62147.exe	40
PID 2680 wrote to memory of 1432	2680	Unicorn-11472.exe	41
PID 2680 wrote to memory of 1432	2680	Unicorn-11472.exe	41
PID 2680 wrote to memory of 1432	2680	Unicorn-11472.exe	41
PID 2680 wrote to memory of 1432	2680	Unicorn-11472.exe	41
PID 2632 wrote to memory of 2904	2632	Unicorn-31338.exe	42
PID 2632 wrote to memory of 2904	2632	Unicorn-31338.exe	42
PID 2632 wrote to memory of 2904	2632	Unicorn-31338.exe	42
PID 2632 wrote to memory of 2904	2632	Unicorn-31338.exe	42
PID 1652 wrote to memory of 1516	1652	Unicorn-49101.exe	43
PID 1652 wrote to memory of 1516	1652	Unicorn-49101.exe	43
PID 1652 wrote to memory of 1516	1652	Unicorn-49101.exe	43
PID 1652 wrote to memory of 1516	1652	Unicorn-49101.exe	43

C:\Users\Admin\AppData\Local\Temp\76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe
"C:\Users\Admin\AppData\Local\Temp\76d794c61af327bffedb63bf2ccdba313b53480442f7c340e42ce8651ce7d09f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
        11⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        12⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 188
        13⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        12⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        11⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        10⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1556.exe
        11⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        12⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        13⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        14⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 236
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        12⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        11⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        10⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        9⤵
        Program crash
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 200
        12⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
        9⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        8⤵
        Program crash
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50139.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        11⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        12⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        13⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        14⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 236
        13⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        12⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
        11⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        10⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        12⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 204
        11⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34271.exe
        12⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        13⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        11⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        9⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
        8⤵
        Program crash
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
        7⤵
        Program crash
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        9⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57280.exe
        11⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        12⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        13⤵
        
        PID:12108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        14⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 220
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        12⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 216
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        Program crash
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31473.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        11⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        12⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
        12⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 220
        11⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        10⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        7⤵
        Program crash
        
        PID:1732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47342.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28531.exe
        11⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        12⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26708.exe
        13⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61836.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        11⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46279.exe
        12⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 220
        11⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        8⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19221.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57752.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        11⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20247.exe
        12⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
        12⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 220
        10⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        Program crash
        
        PID:3084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
        7⤵
        Program crash
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32236.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        11⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        11⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        10⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 220
        11⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        10⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
        8⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        10⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48718.exe
        11⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        12⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        11⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        10⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        Program crash
        
        PID:3552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        6⤵
        Program crash
        
        PID:1056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        11⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24851.exe
        12⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55104.exe
        13⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 220
        12⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        11⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        9⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        7⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20969.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        10⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        11⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        11⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 220
        10⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 220
        9⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        7⤵
        Program crash
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6968.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19320.exe
        9⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
        10⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        11⤵
        
        PID:13420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
        11⤵
        
        PID:13664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        10⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        9⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
        8⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        7⤵
        Program crash
        
        PID:3980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 220
        6⤵
        Program crash
        
        PID:2036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        5⤵
        Program crash
        
        PID:2796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50134.exe
        11⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        12⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 236
        13⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        12⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34722.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 212
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        11⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        12⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        11⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 220
        8⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        7⤵
        Program crash
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24867.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30098.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        11⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 236
        12⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        11⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        12⤵
        
        PID:13792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
        10⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4395.exe
        11⤵
        
        PID:12120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        12⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 220
        11⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        10⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        8⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        7⤵
        Program crash
        
        PID:3452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        6⤵
        Program crash
        
        PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48904.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        8⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23705.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        11⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        12⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        12⤵
        
        PID:13572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 236
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
        10⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        11⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 220
        11⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43591.exe
        11⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
        11⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        10⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        8⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        7⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        6⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3855.exe
        10⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        11⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
        12⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12176 -s 216
        12⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46849.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
        8⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44120.exe
        9⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        10⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
        10⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 220
        9⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        8⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
        7⤵
        
        PID:4612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        6⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        5⤵
        Program crash
        
        PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37311.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        12⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        13⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        14⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
        13⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 212
        11⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57259.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        11⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35296.exe
        12⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        13⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 236
        12⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 220
        8⤵
        Program crash
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 200
        8⤵
        Program crash
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        
        PID:4984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47041.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        11⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50363.exe
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
        12⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 220
        11⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        9⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        8⤵
        Program crash
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46673.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        11⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        6⤵
        Program crash
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-933.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        10⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        11⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        11⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        9⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        9⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46523.exe
        10⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        11⤵
        
        PID:14188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
        10⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        9⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        8⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
        7⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        10⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        11⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 236
        10⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        9⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        8⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        7⤵
        
        PID:4996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
        6⤵
        Program crash
        
        PID:3380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Program crash
        
        PID:1496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        10⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        11⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11670.exe
        12⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        13⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        14⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        15⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        14⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 220
        13⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        11⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
        12⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        13⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
        13⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        11⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
        10⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39190.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        12⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        13⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
        13⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        11⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        9⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65344.exe
        10⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57747.exe
        11⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        12⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        13⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        13⤵
        
        PID:2364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        11⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10663.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43160.exe
        11⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        12⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 236
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        9⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        8⤵
        Program crash
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31489.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        11⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        12⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        11⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 220
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        8⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        7⤵
        Program crash
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30430.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        10⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        11⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        12⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37953.exe
        13⤵
        
        PID:12436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        14⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 220
        13⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        12⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63154.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        11⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55843.exe
        12⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 236
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 220
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        10⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
        11⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        12⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        11⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33781.exe
        7⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 200
        8⤵
        Program crash
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        
        PID:5032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        6⤵
        Program crash
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        11⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
        12⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
        10⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        11⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 216
        11⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        10⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        8⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        7⤵
        Program crash
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52817.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42811.exe
        11⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52610.exe
        12⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
        13⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
        12⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 188
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        10⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        11⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        11⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 220
        10⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 236
        9⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        8⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        6⤵
        Program crash
        
        PID:1604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        5⤵
        Program crash
        
        PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24483.exe
        8⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8152.exe
        13⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        14⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
        13⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        11⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        11⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64094.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 236
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9018.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5588.exe
        10⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        11⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
        12⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        11⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
        10⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59314.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40596.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
        11⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40467.exe
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        10⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 236
        11⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        10⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        9⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        8⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        10⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        11⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        12⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        11⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 220
        10⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
        8⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61582.exe
        9⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        10⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24741.exe
        11⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        10⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        9⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        8⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
        7⤵
        
        PID:5456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        6⤵
        Program crash
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 200
        7⤵
        Program crash
        
        PID:2968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        6⤵
        Program crash
        
        PID:3524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        5⤵
        Program crash
        
        PID:476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35090.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49112.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55085.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
        12⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        11⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        9⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        10⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
        11⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        12⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 236
        11⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        9⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        10⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62532.exe
        11⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
        11⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        10⤵
        
        PID:1344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 220
        9⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        7⤵
        Program crash
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        6⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
        10⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        11⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 216
        11⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        10⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 220
        9⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 216
        7⤵
        Program crash
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        6⤵
        Program crash
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        11⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24866.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
        8⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
        9⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        10⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 220
        10⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        9⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 220
        8⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        7⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50694.exe
        6⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        9⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        10⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        10⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 220
        9⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 220
        8⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        7⤵
        
        PID:5604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        6⤵
        Program crash
        
        PID:3700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        5⤵
        Program crash
        
        PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39257.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
        9⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        10⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        11⤵
        
        PID:12624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        12⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 236
        11⤵
        
        PID:13388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        10⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42973.exe
        8⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
        9⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        10⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 204
        10⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 204
        9⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        8⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        7⤵
        
        PID:5684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        6⤵
        Program crash
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        5⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        9⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        10⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        10⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        9⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        8⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        7⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
        6⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        7⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
        9⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
        9⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        8⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        7⤵
        
        PID:7680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
        6⤵
        
        PID:5124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        5⤵
        Program crash
        
        PID:1620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
      4⤵
      Program crash
      PID:2280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
  2⤵
  - Program crash
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2225.exe

Filesize
184KB

MD5
4ab6d0186490ba97a118bc4716554319

SHA1
e71817b97714bfc8092c00d401beee93a421677d

SHA256
bfd4da9fbf9874c41add74ce93e1f141e7419d6f4a9ace49660f47c6af5bc3fb

SHA512
1819dc310a38a865c13adbfacbba03fe12c9471d829719737db76a0653a5fab3fac83911f3cfeac0706b0456739961be7adb95a2da339296cc500a7561a52f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe

Filesize
184KB

MD5
47c33da3cd5594341afd33679ed15930

SHA1
8883c25869bfc0ccf7c53d15441954d00cb473c8

SHA256
e92a8046a0c09595a37d45a6a9c1278a31912b490fa6eab298f89f6d326aa251

SHA512
163959823a1e15bda5f7074f3f2ca0c2140a90699ad6ed575b02488cb14ce646eecd17f8c84f82cc13dca7457f2aeeb3bd3fac0852a8e97bb8a6347df6cacaae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe

Filesize
184KB

MD5
d6ffabbd488c1c63060526087e62c0ca

SHA1
7f5bba6543db591424c0f51e817c64df76c0dc15

SHA256
0e9b84a4703f8eed7e3b417e05796f5459cbc4553c2e7b8b6c100d9c338e698f

SHA512
5c05a5470f122591ab3b0045b79771dfb03b53456df69aa6577f0eda1d35573e097abc594a6bf0fd69e4df13223a74b3143debe127b9c03e4e96d517e4ce571a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe

Filesize
184KB

MD5
8b7065617e9e4b0e9d2214f793f31966

SHA1
310523dbdbdf9e5566ca330a4a0c1915fbef4b04

SHA256
ba2488fff5d18e4c49bb15e317e1d89b0970a3bd0edc643721365dbdd00eb2d5

SHA512
4db1b2cf4fdb7eb3366a408d30086131d786e1a3bc7d3c4521e21b9fa51ae734454782124bd493c9320e08825aa0928ca7d4dea5094fe04c07d920e656d8b1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe

Filesize
184KB

MD5
c0892dd8a692994e085dcde2652d4358

SHA1
b9dfb7b47278afe845a4be12928dfc439bd74315

SHA256
2618be1de6ce517a704d1eab5bfb42a5db951df771de318a1524ee53ba110a80

SHA512
6353cb988a063feeb9c4871d6c2f41e622ab2029023cf33894e237a112089f4328a21e05c72bdcff57a372d8bae5a358841188e635080676534b0bca25b623cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe

Filesize
184KB

MD5
7186f7dcf4ada596f28bd8102e8a8255

SHA1
55706450277d7cdda842fb8997e24892cdd5ca26

SHA256
08ec4f2c1b60d8fcd5a1cd65c1a6b900661727e96452b5a9b98fa2c5a3091de1

SHA512
dd5b484bafd5fd9cba94d269ee72de53990fbc14cef16ed6000a4386ffe17d85c71c4a381673927bf1e52de72634dee7d8e2744aff63202ea31403400a96ae1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe

Filesize
184KB

MD5
a7af7530cb068149c10171c55cc40faa

SHA1
9745a27ec6db7dfe630e5f81dbe4a620622de192

SHA256
2d5f44e69faeaedc31509b31fa55efff916de4ce1815d0ec68d17c729ea92d05

SHA512
58372c766309622d7f6be7c0dfc0cb0c847841aa36b4630bc78929d5c32e1bf05ca1e4c05cf5a1955a6eb41e9c17bc45d1e2cbd03bcd007c02cc3e48ccc16083

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe

Filesize
184KB

MD5
f391084ea741be526f7042f752d17ae3

SHA1
c4202af2188e9e53db7b75cc121e85691fa22a34

SHA256
b61dce3c773dab107654c7b93f86c3810b0f299dda469fa83617804becef8247

SHA512
7aaca1f1957a2af7abb4f4d466afbfde4491bfd6a6c623a9190e1000587490512316c135d0554337cb2728ced6a82c3a201d753dd2dc1705b60d75963a98b2c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62147.exe

Filesize
184KB

MD5
2fdfe8e93c262d441c52ad1814b6dfd6

SHA1
991c9c462830be46e1d71dc22ddbfcdcb0087051

SHA256
78dd98216f0cf8be3c41ca5a85d343a4af7ce65280db00afbb133175d2723301

SHA512
5f96b31feb9a5f7f6e9ad00ba2e8528f6e658a78cd9853c6c9a2fa327ce5ba18b536d38e4b79c5aee4dded7ffd397e36641ad05fc9b2f79177261301e70a6fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe

Filesize
184KB

MD5
e6b9641a00f149bff9eb197810d7737d

SHA1
ae747ded0e12059577408fa5fff5b4660a685f72

SHA256
3f4da9be79539677c24e639efb99081051b046c0b99063012675d3662aa9f3cc

SHA512
013c6bc3281819907a9b5309b694adee841c28ace892706102369210913d29f916cd978db62804f4822678be56464811630c220e21f79f86fa8cb5d66a6707d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe

Filesize
184KB

MD5
74f73b85027d930482805a845fdfcb8c

SHA1
207a5a6aea7c36ba7f83be0fcc32e5ad85d458c0

SHA256
a6bea9cf13591c879da127ae5359bbfa222ba9528cb94d1e09b266481197597b

SHA512
936d7b187c245c825a886858cc664f08aa33208f4b84952969c4bd3ed05bd09ba27212f1243a888711e2ce3ea1451b27a7b3c96dac323a8e9f24e482148906d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe

Filesize
184KB

MD5
2a62e10fae630e4b0584a5e84903318f

SHA1
ab4cf0cee6af3997f7eb4dcda6dd9eba1e8e95d1

SHA256
b424e3c1592c134fb4c51c95274338e459600a7237f402d193ff89d8cc230cda

SHA512
9a13e39f8c44db7dd0a3701410bc6c904a3b4b8b2ed47f14d1e4aec31a1d45b2c05b138501cecf692a5f7d5431e532b14b889c8833d2e1f1fce2e2879e7002b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe

Filesize
184KB

MD5
f0dd9e783aec5ae32f222cb62c720e1f

SHA1
e24d9deff3bf39041e66534883b5f60bad066100

SHA256
db949774627a8ba849a56cd67accd5ca0ccbb61412a3fb42025f20c6ae6cd3bf

SHA512
252e07cd0cf20b1a8bb16f1be6bbeec2e12a436621e0a72736ec7e6b81421d9593293e63d018477bbee7f446df2e0ff9f90c34e2ade3111b9c7d8c3df2772c6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe

Filesize
184KB

MD5
ed254b50bee6aa86cc85ee451529c810

SHA1
2de91293edac02d74419c380ae2ec2ba56039fca

SHA256
56a35918348fd265d61b1f2cf6855c039386c105f5ff9d44b209f54692162381

SHA512
cfbda730f146a184bd109c2d725c2efe65ab0225a8262121a99cce19d44f7f811ff106fe99a90bc58c27f2418e907b31250420f019088ed9396a88588f61aa39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe

Filesize
184KB

MD5
91c3d1fbf2a351a342cf9f120b62c5ef

SHA1
077bcbab961e8571e6ab5f6505376c2c517461bf

SHA256
7cd5fb4ed4fa552f5b44c3a3cf22228c7bc36d9e5f4df8f398bb8a843dd50bc9

SHA512
d34e725a7eb9f142e4885118f405b0629d6ff6f951aa71f4083099c3bb66e3c3c5d9c4888f8f27b7026288b50d60b0c19dc5a6f7337904619249cbafce0b5b24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe

Filesize
184KB

MD5
466b8a9c10b7aef46069b7728873e61a

SHA1
582a29ab4a89913289438cf3495ce353dd068439

SHA256
1fabc588beff3659b5fedc0b991486da959946a8fdbf24a3fef2e5ac36e40d7a

SHA512
92b5792d73bc9a8e92bb385ca059dfbf95b75f98dc687edbab728501922774765f6658b275a0685aa5084a6c267cc557927682feb517853bc29d10530d8c20e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe

Filesize
184KB

MD5
ac83246e4ba3153f3be9fd9eeed80cf6

SHA1
b049f0bb4dac21bb8450b779ad567712b2f14bd4

SHA256
db42b7d4c4c71d42fb7a2039f9f0d221b2f20c1c7851d0559c1b0f87b30f1a14

SHA512
ce716c0367d0ac12ac8ca836c464ca63269138e8d9caeed999bb554cd227841c80729ba3099dd00c3f20805dee4ad81bdaf15727fc0947d685ddd6722819e294

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe

Filesize
184KB

MD5
0b4b345337beb49cfe53b5ff2c18b4e9

SHA1
c828fdbe410d35c4d23809e8805b4f57bdb0728c

SHA256
4868fe83c0c435b5be37cd150a060c07cefb8cc83c9a80f2e14f51379dc0be3a

SHA512
5b8f4d3c39b3bc6814a884e5c93e6dfe08b76a6ef709c31900874afad0bd46aa5e056f05fd63a341af865a4b17586f7c15e3bba38b2919b5979937a7692dd26f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61353.exe

Filesize
184KB

MD5
1f01491d214c3cd04698e98b3b383a85

SHA1
0e5035feab61fd252cfcd2083baa0225a0c591e1

SHA256
37b681f4bef7bdf2605f22c09d84bd0d511a62dccfefb37667fbdd88388ceaae

SHA512
e1fcc829a181ecafbd3723fb12b2015c7f5833b766120e690fc02e2305d4e8facf9d2c96cbd0b137bad4f7fdb83cef7bee7954bf1806a84feaa5aab25b4422cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe

Filesize
184KB

MD5
8dfcc4a0dae96833491008af0374974c

SHA1
1ba23325ad45d8433335e365ad4c679b3524b042

SHA256
784521d243c0ec16150a1459d864eb3dbca330f26dc2f66ad0c19861eec1d5c9

SHA512
1537828089538dfde5aca36a5be2926b936955c152f6b1c0e15a70b40595cd6aea5c34152919d18ac7f926007525191d00f5d1cf5d214b0a7c912e704234e834

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-720.exe

Filesize
184KB

MD5
9ac316b823829fa31ef64cc4fe7c5f20

SHA1
90f9567809b3b20a676902200111c34824bbb1f0

SHA256
327745272ade9780206f29d5068c94b1c364b75b91117cf15371977b1b957bdc

SHA512
1bc0e78c7a81f463281565d312a5226e438551c39ee52b1040903d36bbc3f5287fb351010e6e55cc8339aa319e66714e119c882a2f539b4d41977bca20189db9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads