131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
Size

184KB
MD5

843e8699d86cf0f18ffcc8bec5753216
SHA1

92951b00101067ca6416f0f2f3cf537b3262e236
SHA256

131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7
SHA512

a620ef4c2d405601b302f64a64765522ba80364f2b8adbc28cab63ce8d8a02e9f68217a3ca998fdea094785cfe67dff0b410d3f1cab8f292a4f03cfaa541f620
SSDEEP

1536:p7S/6jZAu3oxotx1t1FAllwMH2IypZcl7md/O3LR2Vzetq+l5hj5nizpva:hd53oxoT71FkdHt4en3LRKsq+lnViFC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2824	Unicorn-11799.exe
2740	Unicorn-18659.exe
2988	Unicorn-38525.exe
2744	Unicorn-21203.exe
2928	Unicorn-43761.exe
2688	Unicorn-1337.exe
296	Unicorn-4913.exe
2332	Unicorn-11690.exe
2424	Unicorn-58753.exe
1928	Unicorn-43808.exe
1872	Unicorn-13081.exe
1000	Unicorn-58281.exe
1708	Unicorn-19941.exe
1680	Unicorn-47975.exe
2748	Unicorn-40361.exe
2100	Unicorn-9635.exe
2420	Unicorn-60227.exe
2796	Unicorn-29501.exe
2396	Unicorn-2064.exe
2972	Unicorn-25177.exe
1532	Unicorn-49127.exe
972	Unicorn-10787.exe
1808	Unicorn-26569.exe
1804	Unicorn-49682.exe
3036	Unicorn-43673.exe
2376	Unicorn-43673.exe
1548	Unicorn-62702.exe
2812	Unicorn-21115.exe
1440	Unicorn-21115.exe
2984	Unicorn-62702.exe
1508	Unicorn-28790.exe
2260	Unicorn-51903.exe
2764	Unicorn-6231.exe
2920	Unicorn-14399.exe
2660	Unicorn-29344.exe
2192	Unicorn-22568.exe
2432	Unicorn-11638.exe
2472	Unicorn-31504.exe
2136	Unicorn-777.exe
2236	Unicorn-15722.exe
820	Unicorn-35588.exe
320	Unicorn-25282.exe
2412	Unicorn-51924.exe
1020	Unicorn-21198.exe
1552	Unicorn-32058.exe
1308	Unicorn-44311.exe
2200	Unicorn-33450.exe
1952	Unicorn-40226.exe
1500	Unicorn-60092.exe
2804	Unicorn-59599.exe
3028	Unicorn-28873.exe
1692	Unicorn-60922.exe
2784	Unicorn-6890.exe
1016	Unicorn-48478.exe
1292	Unicorn-2806.exe
996	Unicorn-49869.exe
2172	Unicorn-49869.exe
872	Unicorn-25919.exe
2408	Unicorn-45785.exe
1276	Unicorn-38171.exe
1404	Unicorn-19143.exe
2060	Unicorn-31395.exe
2708	Unicorn-46340.exe
2468	Unicorn-27311.exe

Loads dropped DLL 64 IoCs

pid	Process
2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
2824	Unicorn-11799.exe
2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
2824	Unicorn-11799.exe
2988	Unicorn-38525.exe
2988	Unicorn-38525.exe
2740	Unicorn-18659.exe
2824	Unicorn-11799.exe
2740	Unicorn-18659.exe
2824	Unicorn-11799.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2744	Unicorn-21203.exe
2744	Unicorn-21203.exe
2740	Unicorn-18659.exe
2740	Unicorn-18659.exe
2688	Unicorn-1337.exe
2688	Unicorn-1337.exe
2988	Unicorn-38525.exe
2928	Unicorn-43761.exe
2988	Unicorn-38525.exe
2928	Unicorn-43761.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2404	WerFault.exe
296	Unicorn-4913.exe
296	Unicorn-4913.exe
2744	Unicorn-21203.exe
2744	Unicorn-21203.exe
2424	Unicorn-58753.exe
2424	Unicorn-58753.exe
2928	Unicorn-43761.exe
2928	Unicorn-43761.exe
1928	Unicorn-43808.exe
1928	Unicorn-43808.exe
2688	Unicorn-1337.exe
2688	Unicorn-1337.exe
2332	Unicorn-11690.exe
2332	Unicorn-11690.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2588	2732	WerFault.exe	27
2864	2824	WerFault.exe	28
2036	2988	WerFault.exe	30
2404	2740	WerFault.exe	29
1904	2744	WerFault.exe	33
2664	2688	WerFault.exe	34
2228	2928	WerFault.exe	32
1760	296	WerFault.exe	36
2888	2424	WerFault.exe	39
2268	1872	WerFault.exe	40
2364	1928	WerFault.exe	38
2092	2332	WerFault.exe	37
2736	1000	WerFault.exe	43
2680	1708	WerFault.exe	44
2760	1680	WerFault.exe	45
2964	2100	WerFault.exe	48
2976	2420	WerFault.exe	47
3048	2748	WerFault.exe	46
3064	2796	WerFault.exe	49
1676	2396	WerFault.exe	53
1972	2972	WerFault.exe	54
944	1532	WerFault.exe	55
1728	972	WerFault.exe	56
2504	1808	WerFault.exe	57
2148	1804	WerFault.exe	58
2456	3036	WerFault.exe	59
1836	1440	WerFault.exe	62
2344	1548	WerFault.exe	63
2024	2812	WerFault.exe	61
1960	2376	WerFault.exe	60
592	2984	WerFault.exe	64
3396	1508	WerFault.exe	66
3404	2260	WerFault.exe	67
3628	2764	WerFault.exe	68
3652	2236	WerFault.exe	79
3752	2472	WerFault.exe	77
3780	1308	WerFault.exe	85
3828	820	WerFault.exe	80
3840	2136	WerFault.exe	78
3916	1500	WerFault.exe	88
3908	1020	WerFault.exe	83
3952	1952	WerFault.exe	87
3960	2412	WerFault.exe	82
3980	1552	WerFault.exe	84
3128	2200	WerFault.exe	86
3144	320	WerFault.exe	81
3188	2660	WerFault.exe	74
3272	2192	WerFault.exe	75
3480	2920	WerFault.exe	73
3744	2432	WerFault.exe	76
3688	2804	WerFault.exe	92
3536	3028	WerFault.exe	93
3288	2784	WerFault.exe	99
3884	1016	WerFault.exe	100
3520	996	WerFault.exe	102
4144	2408	WerFault.exe	105
4160	872	WerFault.exe	104
4152	2252	WerFault.exe	114
4180	1692	WerFault.exe	94
4256	2172	WerFault.exe	103
4336	1276	WerFault.exe	106
4480	2204	WerFault.exe	118
4224	2440	WerFault.exe	136
4248	2272	WerFault.exe	137

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
2824	Unicorn-11799.exe
2988	Unicorn-38525.exe
2740	Unicorn-18659.exe
2744	Unicorn-21203.exe
2928	Unicorn-43761.exe
2688	Unicorn-1337.exe
296	Unicorn-4913.exe
2424	Unicorn-58753.exe
2332	Unicorn-11690.exe
1872	Unicorn-13081.exe
1928	Unicorn-43808.exe
1000	Unicorn-58281.exe
1708	Unicorn-19941.exe
1680	Unicorn-47975.exe
2420	Unicorn-60227.exe
2796	Unicorn-29501.exe
2100	Unicorn-9635.exe
2748	Unicorn-40361.exe
2396	Unicorn-2064.exe
2972	Unicorn-25177.exe
1532	Unicorn-49127.exe
972	Unicorn-10787.exe
1808	Unicorn-26569.exe
1804	Unicorn-49682.exe
3036	Unicorn-43673.exe
1440	Unicorn-21115.exe
2812	Unicorn-21115.exe
1548	Unicorn-62702.exe
2376	Unicorn-43673.exe
2984	Unicorn-62702.exe
2260	Unicorn-51903.exe
1508	Unicorn-28790.exe
2764	Unicorn-6231.exe
2920	Unicorn-14399.exe
2660	Unicorn-29344.exe
2192	Unicorn-22568.exe
2432	Unicorn-11638.exe
2472	Unicorn-31504.exe
2136	Unicorn-777.exe
2236	Unicorn-15722.exe
820	Unicorn-35588.exe
320	Unicorn-25282.exe
1020	Unicorn-21198.exe
1308	Unicorn-44311.exe
1552	Unicorn-32058.exe
2412	Unicorn-51924.exe
2200	Unicorn-33450.exe
1952	Unicorn-40226.exe
1500	Unicorn-60092.exe
2804	Unicorn-59599.exe
3028	Unicorn-28873.exe
1692	Unicorn-60922.exe
2784	Unicorn-6890.exe
1016	Unicorn-48478.exe
1292	Unicorn-2806.exe
2172	Unicorn-49869.exe
996	Unicorn-49869.exe
872	Unicorn-25919.exe
2408	Unicorn-45785.exe
1276	Unicorn-38171.exe
1404	Unicorn-19143.exe
2060	Unicorn-31395.exe
2708	Unicorn-46340.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2824	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	28
PID 2732 wrote to memory of 2824	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	28
PID 2732 wrote to memory of 2824	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	28
PID 2732 wrote to memory of 2824	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	28
PID 2732 wrote to memory of 2740	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	29
PID 2732 wrote to memory of 2740	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	29
PID 2732 wrote to memory of 2740	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	29
PID 2732 wrote to memory of 2740	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	29
PID 2824 wrote to memory of 2988	2824	Unicorn-11799.exe	30
PID 2824 wrote to memory of 2988	2824	Unicorn-11799.exe	30
PID 2824 wrote to memory of 2988	2824	Unicorn-11799.exe	30
PID 2824 wrote to memory of 2988	2824	Unicorn-11799.exe	30
PID 2732 wrote to memory of 2588	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	31
PID 2732 wrote to memory of 2588	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	31
PID 2732 wrote to memory of 2588	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	31
PID 2732 wrote to memory of 2588	2732	131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe	31
PID 2988 wrote to memory of 2928	2988	Unicorn-38525.exe	32
PID 2988 wrote to memory of 2928	2988	Unicorn-38525.exe	32
PID 2988 wrote to memory of 2928	2988	Unicorn-38525.exe	32
PID 2988 wrote to memory of 2928	2988	Unicorn-38525.exe	32
PID 2740 wrote to memory of 2744	2740	Unicorn-18659.exe	33
PID 2740 wrote to memory of 2744	2740	Unicorn-18659.exe	33
PID 2740 wrote to memory of 2744	2740	Unicorn-18659.exe	33
PID 2740 wrote to memory of 2744	2740	Unicorn-18659.exe	33
PID 2824 wrote to memory of 2688	2824	Unicorn-11799.exe	34
PID 2824 wrote to memory of 2688	2824	Unicorn-11799.exe	34
PID 2824 wrote to memory of 2688	2824	Unicorn-11799.exe	34
PID 2824 wrote to memory of 2688	2824	Unicorn-11799.exe	34
PID 2824 wrote to memory of 2864	2824	Unicorn-11799.exe	35
PID 2824 wrote to memory of 2864	2824	Unicorn-11799.exe	35
PID 2824 wrote to memory of 2864	2824	Unicorn-11799.exe	35
PID 2824 wrote to memory of 2864	2824	Unicorn-11799.exe	35
PID 2744 wrote to memory of 296	2744	Unicorn-21203.exe	36
PID 2744 wrote to memory of 296	2744	Unicorn-21203.exe	36
PID 2744 wrote to memory of 296	2744	Unicorn-21203.exe	36
PID 2744 wrote to memory of 296	2744	Unicorn-21203.exe	36
PID 2740 wrote to memory of 2332	2740	Unicorn-18659.exe	37
PID 2740 wrote to memory of 2332	2740	Unicorn-18659.exe	37
PID 2740 wrote to memory of 2332	2740	Unicorn-18659.exe	37
PID 2740 wrote to memory of 2332	2740	Unicorn-18659.exe	37
PID 2688 wrote to memory of 1928	2688	Unicorn-1337.exe	38
PID 2688 wrote to memory of 1928	2688	Unicorn-1337.exe	38
PID 2688 wrote to memory of 1928	2688	Unicorn-1337.exe	38
PID 2688 wrote to memory of 1928	2688	Unicorn-1337.exe	38
PID 2988 wrote to memory of 2424	2988	Unicorn-38525.exe	39
PID 2988 wrote to memory of 2424	2988	Unicorn-38525.exe	39
PID 2988 wrote to memory of 2424	2988	Unicorn-38525.exe	39
PID 2988 wrote to memory of 2424	2988	Unicorn-38525.exe	39
PID 2928 wrote to memory of 1872	2928	Unicorn-43761.exe	40
PID 2928 wrote to memory of 1872	2928	Unicorn-43761.exe	40
PID 2928 wrote to memory of 1872	2928	Unicorn-43761.exe	40
PID 2928 wrote to memory of 1872	2928	Unicorn-43761.exe	40
PID 2740 wrote to memory of 2404	2740	Unicorn-18659.exe	41
PID 2740 wrote to memory of 2404	2740	Unicorn-18659.exe	41
PID 2740 wrote to memory of 2404	2740	Unicorn-18659.exe	41
PID 2740 wrote to memory of 2404	2740	Unicorn-18659.exe	41
PID 2988 wrote to memory of 2036	2988	Unicorn-38525.exe	42
PID 2988 wrote to memory of 2036	2988	Unicorn-38525.exe	42
PID 2988 wrote to memory of 2036	2988	Unicorn-38525.exe	42
PID 2988 wrote to memory of 2036	2988	Unicorn-38525.exe	42
PID 296 wrote to memory of 1000	296	Unicorn-4913.exe	43
PID 296 wrote to memory of 1000	296	Unicorn-4913.exe	43
PID 296 wrote to memory of 1000	296	Unicorn-4913.exe	43
PID 296 wrote to memory of 1000	296	Unicorn-4913.exe	43

C:\Users\Admin\AppData\Local\Temp\131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe
"C:\Users\Admin\AppData\Local\Temp\131d330acc67a263dc5f876e0f96ec15f258591aae29ef0cbe1d7a951499a8e7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22568.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        11⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        12⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        11⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        10⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
        10⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        12⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
        12⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        11⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7876.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27457.exe
        11⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        12⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        11⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        12⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 236
        11⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12427.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28832.exe
        10⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 220
        11⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        10⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        7⤵
        Program crash
        
        PID:1728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
        6⤵
        Program crash
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25282.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17301.exe
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        12⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        13⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
        13⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        12⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        10⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        9⤵
        Program crash
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        11⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12436.exe
        12⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 236
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        11⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        9⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
        8⤵
        Program crash
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
        8⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        8⤵
        Program crash
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
        7⤵
        Program crash
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10803.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18054.exe
        11⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56528.exe
        12⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35288.exe
        13⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        13⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
        12⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        9⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        11⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 236
        10⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62464.exe
        10⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        11⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 220
        11⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        7⤵
        Program crash
        
        PID:3980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        6⤵
        Program crash
        
        PID:3048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45785.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52438.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
        11⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        12⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12602.exe
        13⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
        13⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        12⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        11⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
        10⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        9⤵
        Program crash
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55292.exe
        10⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        11⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        12⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 220
        12⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        9⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        10⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        11⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6149.exe
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 236
        12⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        11⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
        10⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 236
        8⤵
        Program crash
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        7⤵
        Program crash
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        11⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59434.exe
        12⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
        11⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        10⤵
        
        PID:9296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        11⤵
        
        PID:11328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
        12⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11328 -s 236
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
        11⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        10⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        9⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28296.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36346.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        10⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        10⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        9⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        8⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        7⤵
        Program crash
        
        PID:3744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        6⤵
        Program crash
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        11⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        12⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        11⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        10⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        11⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 216
        11⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 220
        10⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1846.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19164.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43853.exe
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        11⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        10⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        8⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        7⤵
        Program crash
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15613.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        8⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 224
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        8⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        9⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        10⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        9⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        8⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        7⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        6⤵
        Program crash
        
        PID:2148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        5⤵
        Program crash
        
        PID:2888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        8⤵
        Executes dropped EXE
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18204.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        11⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
        12⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        13⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 236
        13⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        12⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        11⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20898.exe
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
        12⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        11⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 220
        12⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        9⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
        8⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        10⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        11⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        12⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
        10⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65228.exe
        11⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 236
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        10⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
        8⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        7⤵
        Program crash
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26948.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        12⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        13⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        11⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        10⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24077.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        10⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        11⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
        12⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        11⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60279.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        11⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        10⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
        11⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
        12⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        12⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        11⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        10⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        8⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 220
        7⤵
        Program crash
        
        PID:3652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
        6⤵
        Program crash
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22288.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36014.exe
        11⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 236
        12⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        11⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25464.exe
        9⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        10⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        11⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 236
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        10⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 220
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49890.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        10⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
        11⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 236
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 236
        10⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        8⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        7⤵
        Program crash
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
        11⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
        11⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64726.exe
        7⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
        7⤵
        
        PID:5660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        6⤵
        Program crash
        
        PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        5⤵
        Program crash
        
        PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64457.exe
        11⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        11⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50129.exe
        10⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        11⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
        11⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        9⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        10⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
        11⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 236
        10⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        9⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        6⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31354.exe
        10⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        11⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51021.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46979.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51.exe
        9⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        10⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        11⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12536 -s 216
        11⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        9⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        8⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 220
        7⤵
        
        PID:2524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        6⤵
        Program crash
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30456.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe
        9⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42667.exe
        10⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        11⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 236
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16061.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
        9⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        10⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        10⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        9⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        8⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        7⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        6⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8857.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        9⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        10⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        9⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        8⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        7⤵
        
        PID:4844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 220
        6⤵
        Program crash
        
        PID:3952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        5⤵
        Program crash
        
        PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2664
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59599.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34924.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        11⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        12⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        13⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
        14⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
        14⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 220
        13⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        12⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        11⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        10⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        12⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
        13⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
        13⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        12⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43943.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
        11⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25039.exe
        12⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58858.exe
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11656 -s 216
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        12⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
        10⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        9⤵
        Program crash
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
        11⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51881.exe
        13⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
        13⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        11⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        10⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        11⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        12⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        11⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55261.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57290.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        12⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        12⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        11⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        10⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        9⤵
        Program crash
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58193.exe
        10⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53300.exe
        11⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59961.exe
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
        11⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        8⤵
        Program crash
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        7⤵
        Program crash
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28873.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2656.exe
        12⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27621.exe
        13⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        12⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31302.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        11⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60350.exe
        12⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
        12⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
        11⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        10⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43646.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19247.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18448.exe
        10⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        11⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        10⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        9⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        8⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53870.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45038.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe
        11⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        11⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
        10⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        8⤵
        Program crash
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
        7⤵
        Program crash
        
        PID:3404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        6⤵
        Program crash
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46901.exe
        8⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        12⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55204.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58287.exe
        11⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39266.exe
        12⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        11⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40716.exe
        12⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 236
        12⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        8⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59236.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59797.exe
        11⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12172 -s 216
        12⤵
        
        PID:12676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        11⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 220
        11⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        9⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        8⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        9⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        10⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47784.exe
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 236
        12⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        10⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        9⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        10⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        10⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        9⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
        8⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28801.exe
        10⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        11⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 216
        11⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        10⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        9⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        8⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        7⤵
        Program crash
        
        PID:3884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        6⤵
        Program crash
        
        PID:1972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
        5⤵
        Program crash
        
        PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 220
        10⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34518.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        9⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42314.exe
        10⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 236
        10⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
        8⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
        7⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        9⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
        10⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        10⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 236
        8⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        7⤵
        Program crash
        
        PID:4160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        6⤵
        Program crash
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
        10⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
        11⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 236
        11⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        10⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
        7⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        9⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14294.exe
        10⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        9⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
        8⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        6⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        8⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25646.exe
        9⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
        10⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 236
        10⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        9⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        8⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        7⤵
        
        PID:5480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        6⤵
        Program crash
        
        PID:3188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        5⤵
        Program crash
        
        PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16729.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32594.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
        10⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24240.exe
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
        11⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
        10⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
        7⤵
        Program crash
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21240.exe
        10⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        11⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        10⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        9⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
        10⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 236
        10⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        9⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        8⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        7⤵
        
        PID:4504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        6⤵
        Program crash
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
        9⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
        10⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4735.exe
        11⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 220
        11⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13387.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
        8⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13549.exe
        10⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 236
        10⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 220
        9⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        8⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        7⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        9⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37133.exe
        10⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        10⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        9⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        8⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        7⤵
        
        PID:5164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        6⤵
        Program crash
        
        PID:3780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
        5⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
        6⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7321.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27908.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        10⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30218.exe
        11⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 236
        11⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        10⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        9⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11057.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        9⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        10⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        9⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        8⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
        7⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41333.exe
        8⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        9⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        10⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 236
        10⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        9⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        8⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        7⤵
        
        PID:5408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
        6⤵
        Program crash
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
        5⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        7⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33876.exe
        9⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25924.exe
        10⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        10⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        9⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        8⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        7⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        6⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        8⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
        9⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 236
        9⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        8⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        7⤵
        
        PID:6920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        6⤵
        
        PID:4860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        5⤵
        Program crash
        
        PID:592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
      4⤵
      Program crash
      PID:2092
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2404
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
  2⤵
  - Program crash
  PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe

Filesize
184KB

MD5
4ca96c180afe3876f0a288c19e0a1af5

SHA1
7e0a5e165a5da6cdd717ace33881425fbad9645e

SHA256
dfb0f216c920ad13bef37cd89d4f3d7dabf90c9ebbe933e13961f2f62e9b62f8

SHA512
a05522555de4b53285c261dd6903ed3eb81505a7579b2d11906663a82dde80a0056f0d5ae1e5a11d770a949e49708b88cefb79351d02f6982ccdc587d600b128

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe

Filesize
184KB

MD5
ae9ecf0efce2a1a680e79f6c5a3b2331

SHA1
cdd012c4f6b24cfdf60053a2cd9974cd5aa73251

SHA256
517f0582966b3b05165241055651f3ba8da76ce137176d416e609c60de56b330

SHA512
299e3e19098b678bb5bcfa9ac909551795d0c3660f1ebbe1973cbf9795a89d87b1714a567d8efef25f3c646031bbd91dd69150391b6f6559db10d2cb746fd34f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18659.exe

Filesize
184KB

MD5
57ee3e9c1fda8de8105ee7e8a082a2e0

SHA1
ce1c69915b6adde12e5035945760e68127c96e58

SHA256
a0a21dacede127bb6e9cd1d2e4ac8ef7fe70af8098efe8b876fa03219b5f74a4

SHA512
5fdc046f03c95619f339f3417ec0d420794a615eec739b4d8bd91aae9d134828a50d5f5a2eea094071e8864cca1273fe556b2f47586bedb12397707d919f956b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe

Filesize
184KB

MD5
519ffa5b3442dc129bba14255ffe11b8

SHA1
e05c2a0964bf2b9d73ba97b68d12cc08b592c5a8

SHA256
9b28aa9bc7a3bd60dfde7bb09e47fec6fad61b8d9b5d5cb6d235d8a07b2d0482

SHA512
df1e9d1c34c49af0d6d06a7fed593261a707129dedf6f950365ef3e8e512bcf4a4ede0466ef9eaff6eaa500c39c7bc2bb0ea9cbbce91977d5a1f22f5ed0820e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39645.exe

Filesize
184KB

MD5
3487eb933f3f05c3cd618334792ec31c

SHA1
a48296e624f3e34195f8ef164c9096194b98aced

SHA256
fd0af9c4473422e3fb3fdeb1491f0689e19bb7a333cb489bcbdd3bebf8fccd55

SHA512
44698cfb7d8c1f1888ec15ce8fa825e8cfdf6be40646638d5500c9be3357967013fd85f58af0ed9a005be6a67b98660cc62c24c26cf4ffdc3e84ea10f2ae6c75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe

Filesize
184KB

MD5
9f1c5bd1de8a85063e16d2f2074d4d0e

SHA1
1582524253d8bc7bdbefe1456d83c47f4d56f91e

SHA256
5f4e6918c3a6da714678496ed9de80c099d08f7644fc54b2bfe041bce2250ece

SHA512
3db6c03218bfae2bfa72958828b56f1f09e55c394ee62d8c881299dff4024b5e89313ed6d6c1f4555b89dfeedf4b2f338f18b49eadf7a58f50ac37885ba5fd3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe

Filesize
184KB

MD5
62d290063ded931ff479d6fd98faf53c

SHA1
bb9c6ed4a527a0a8d6a12acad70554992344e89d

SHA256
f9684ccb8630d1e647fa755fd24f597d1cb27ef699fcca90629d8aada37c7973

SHA512
01385e991d4e845ae1b243ee2d3ba7297cc800387741cea820625d68dcd870b569aece3031d097785a6cf1b0d4199897c1af943a4faf6367c953c72642dc1367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40797.exe

Filesize
184KB

MD5
7fbfba79fb01be1a4467b8cc182f9150

SHA1
db674b44bbaba3dd503aec3a400c57ae3bc506d0

SHA256
c839a1f5fe31d4d8a28fda3d51c35e662b33aebf15e257f552e000ec19dd5e82

SHA512
16509f188233880b6c601b7ef38bbd5775e0b0fe43b1f4f2ff49aeb213ada21b4e5180eac8e5ef9daafbdb589d6fabdf0e3530c321215d52a2a9bbb98c6abd5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe

Filesize
184KB

MD5
711949970ebfdee6a9b7b0d9e924e3ca

SHA1
c3ea1bc70fa4356067916951a5b3b81e671bd927

SHA256
d69b8f52fe01940e9e8362135904e7e5b3ab7a0a17a82c7f56e83b6a30b37c51

SHA512
d4c5b6aa91a659ab8058191f837e6e9b6170244bcd5b187ade819373b3ae31b86bdfa65efd6d806a1fd939da1b1f547e2b777c8df574d1e302cfee3d0ba7091d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe

Filesize
184KB

MD5
b7dcd510e48592ea4f0d84371fb0592e

SHA1
5e20184607c55a11074df1818716b17a925ed320

SHA256
9204cb8e15d0cc06ff28e877cec9c8ab0cd82da0b3e1cbb3653d3dba2cda93af

SHA512
837e5608822dc9c6372503238ad78f67a20216221830dd0a5de9ab85ea908d01fdbfe4c3ee8c8b6554fce6e3f7188bd5c93effb6522f1555ee2a4473b73153e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59231.exe

Filesize
184KB

MD5
4bb5bbc8e37f926a9cd00a4ace67fcde

SHA1
02da136e75fcfd9807c1b6458b3771867d2e33ac

SHA256
413c6ee1fd3dff761a125782df2f6a7075dbb87b61ca745e63d50e352abc2f37

SHA512
bf3d18ed04de568ec802c61e9a2902fef10c625a5b0316a9c359137ad177e276e58fd01ed5bdb52c5b7054a42e8346f86d7b555bf59fff3eb882f43bbde4d71b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe

Filesize
184KB

MD5
d79542c54d8af0919a27698c047ec614

SHA1
e25e59f0da7bdd49b62f279c4068fea1b1c5c5fd

SHA256
b1bd704d5dd5d7259332e2b36e4e5ffebc8eda75faea9c375a1789cd232b71f2

SHA512
86d0c48714d67ca8ede49633020567a7977c47fd858a25a3787d06e35d41fcba8a94242a11b523bf30e1a3978d6ea19c205e708bdb6fd524d1a3c34d13aa2ce5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe

Filesize
184KB

MD5
2e889a6ae80fa55b1a3a5f72aea49bd3

SHA1
6411b25a454cd918f605f2a405691fb18da7aeee

SHA256
4abde4efce3a5482399a05f9d9738f4b8ff1b089472e87feba6e997978626839

SHA512
43112343275a68a95add79ac7af83aac56a592fa14a6782e8891591c9cace665bc807c347a1dae4a94d4c2413639103d12d70ff18edd1440ec175ac1a074cb70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe

Filesize
184KB

MD5
60d9f35bd8969ab00baab5cf567be454

SHA1
4cc005012a1b489d0f8e4cdeb34f31ae31dfe791

SHA256
4721cadc94363d7ba5632a9379673373c4c7bb639cabafd4b5493c00afaff70c

SHA512
21ce7386f5703207a40997ff13a0f41a91c747e8b237bb03ae3bb38a5f97a07ca7d117701bef104649ce1d1e8a0ec2331e91c06e26870293662bf361c7e4c876

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6517.exe

Filesize
184KB

MD5
a94c0b3e7451a092ef4d4c857bccb948

SHA1
b4ad68f4320c2a4c13b0b8791ceb9c804d171ddf

SHA256
a67c761eabd057dc054f928d9454e5426fdd80e18d04466e050ac676a433bdd8

SHA512
1966be5049ac2f37b87db69d073601fcd5fffabc0b2189f2fc1a2e9af5a40a3f54ccbf5274068d39149bf5d6cbb6c4fc8773edcf3f7ff2bd2b8acf8fc5f46792

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11690.exe

Filesize
184KB

MD5
8cdce7b05709d490bda9eb4b689ad07d

SHA1
6bf055a5fe6fb9c62b860e025277b4cf7e7e3285

SHA256
96ae6280be2acad0f583e6bc1d8b3be310db2b1c8a05b408fbc9db516a5c4ee1

SHA512
e66feac447bb6353cd033a8ea7eb93587f99081f54fe2258804d7ea6126bb88aec86164b7265dd935d92f321aab2b5892d216d4babcb8942de901607060dd424

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe

Filesize
184KB

MD5
f760e476bb49c47e95ac2b0df0e8d358

SHA1
8ba70fb389a27406411278b22006492bb79cd5cd

SHA256
418abe954058c3c4175b350695ed35317047c78836898156982fcc9a806203ed

SHA512
862b2a6b8d486250ad429173d41d20f9e08f9f7461f7269ba1d5824d8109af37136c36e6dc71b895eb4a1d1d8bb464246134105af271c46428caf5b46cca4306

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe

Filesize
184KB

MD5
5f923e06f56802d6fd08a9883ef880f5

SHA1
c509580561d8438f785c2116701338be3c54e451

SHA256
9cc9d9892e18604b30c4e54f6bc94c1b76ea49c8b139111b46ab43f4674ef40c

SHA512
c9ae1827218508039d367aa69812973fda71445c4450949f8545f23f5be9cdd89d8e0bbcc08451528bdcdb2d053c338021ef5a8d5e9c7b3f11903f53e11eab25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38525.exe

Filesize
184KB

MD5
0225589a6bbd1432d030c9cf2f5f5543

SHA1
66851d9d313f467e3d67431ae48c76f5e26336c2

SHA256
1410722d4198c232fa11b7f71c92b9360b9de0cec1a5d403b72173c631927765

SHA512
93c5c5a851bbdbd8ac1f272869c426b3cf704fa43c9170d37047edf0c38f7413d8037f66ef2ed1623405a6b7680bc6434da9d646b3c19801f3c16fbc98066ea0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe

Filesize
184KB

MD5
52f36d2d95d2c3e8c59851362daca5ac

SHA1
a765bdb87c8a8c75504968b285d10d5851b714ca

SHA256
77ceb4631f26f7536f3a535fd7180cbc82e95dec7875396b3b02ecbd052dd244

SHA512
b554569be39fb663aef6c02e7b9e743ef28e273ea912753ddf3765d01a5d08bff5345ed224c5c50cbe44d19e3ea53649eeb6539c2feabf28de6879bc72a1d8a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47975.exe

Filesize
184KB

MD5
88e198caddaac2b1b941d09b8226ed59

SHA1
64ce880c9703c6e870995cce55240f7558246bdd

SHA256
bf17e91919f3da3dc0f134d73e316a4e86c0776e8a2ab6d6e14678269d8269b9

SHA512
87f2fe67a786ffeb2d72b70e2fbd7626378646c6b1731aca77dff16e9f5629cc092bd365c7372e4c719bb0c9a3fc68671201e23637665cebaa3854f446084cc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe

Filesize
184KB

MD5
6de29d9cfd9317d249423c8dcbb77a5e

SHA1
92330fc2b2d25c7207c2130d37dcfc1b71036376

SHA256
0e514012eae4f2c157193c476a4278fac0aad3350840f34f808186b9062bcb56

SHA512
8be06727ac7ad54057b4c7c33d2e8cce014c301028a8ef05a88a836f1bc385673dfad621637969aaf4bdd6f29200cfed41d4568a8a2d011c2fda2a5e076d0776

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe

Filesize
184KB

MD5
a7d2ce3b47bc5e362c40db2740acf37c

SHA1
5888953a68ef042a5462d5196e2be3fa3a04388e

SHA256
276a75a43d928e96c2a7a9cc2d8da834f41c8b5b43b9895c69aacf39c72769c6

SHA512
04f1fc766bf0a37ef347f35878fb4df8abb3e669c3115d41039e74e84bfa27b2c6ccd1cb74342e441ff034129f7c3973fba14c7c9df560075283de40c25c76c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe

Filesize
184KB

MD5
6f8ccc0b026d79fe52db60716c72ea41

SHA1
9992399eb1ad20e46b0614e6e064ab6130baf424

SHA256
6c01ceb6623974220689d9d5aada9336b40fa755dae8a482abcfacb5a0455b80

SHA512
cdddfc6eea98c4a8fdafb2b6697a0d0b9c50a4944cf2a31da30a8d104acbc19da50678d362d129769091e81e954ca5adb277fe0ba747652d540eedf0cb6802df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads