17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
Size

184KB
MD5

56287bb2ad0a8116bce91a31160565c4
SHA1

5fdbaac116649970530a466bcd3b735f0310ff60
SHA256

17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344
SHA512

8752aadb6965001f83239e38a38e54954d77e973675c3d7dc36af9c65b399aa0752b4ded34979b2d23e94f849e24be26b8215ca336b81e2a48a81e8dba9d41db
SSDEEP

3072:H7q3Moo37IOTdHEWe8hLUjsOhlnnEFSn3:H72ohJHEeLGsOhlnnEFS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1256	Unicorn-32911.exe
2400	Unicorn-28910.exe
2596	Unicorn-52023.exe
2688	Unicorn-11587.exe
2792	Unicorn-26532.exe
2568	Unicorn-46398.exe
2740	Unicorn-18411.exe
2784	Unicorn-38277.exe
2168	Unicorn-34193.exe
1676	Unicorn-46445.exe
2024	Unicorn-26579.exe
636	Unicorn-50612.exe
864	Unicorn-63632.exe
2440	Unicorn-13040.exe
2864	Unicorn-13040.exe
2632	Unicorn-32906.exe
1156	Unicorn-59548.exe
596	Unicorn-8956.exe
1636	Unicorn-1172.exe
412	Unicorn-50394.exe
1644	Unicorn-26444.exe
1188	Unicorn-58562.exe
1780	Unicorn-65339.exe
1360	Unicorn-54478.exe
1324	Unicorn-27836.exe
1840	Unicorn-27836.exe
920	Unicorn-42780.exe
2868	Unicorn-27836.exe
2408	Unicorn-20222.exe
2884	Unicorn-40088.exe
2184	Unicorn-44447.exe
2952	Unicorn-30057.exe
2652	Unicorn-53170.exe
2696	Unicorn-50477.exe
2656	Unicorn-40171.exe
2972	Unicorn-16221.exe
2452	Unicorn-5360.exe
320	Unicorn-17613.exe
2520	Unicorn-44255.exe
2928	Unicorn-59200.exe
2628	Unicorn-59200.exe
2824	Unicorn-5915.exe
2772	Unicorn-25781.exe
2936	Unicorn-52423.exe
1944	Unicorn-1831.exe
1584	Unicorn-21697.exe
1868	Unicorn-44810.exe
1964	Unicorn-40446.exe
2004	Unicorn-63559.exe
1648	Unicorn-14358.exe
108	Unicorn-34224.exe
1476	Unicorn-3497.exe
2144	Unicorn-11665.exe
1356	Unicorn-18442.exe
572	Unicorn-23918.exe
2252	Unicorn-47031.exe
1872	Unicorn-32086.exe
868	Unicorn-5443.exe
1996	Unicorn-20388.exe
768	Unicorn-63367.exe
2676	Unicorn-32640.exe
2492	Unicorn-19642.exe
2800	Unicorn-61229.exe
2484	Unicorn-15557.exe

Loads dropped DLL 64 IoCs

pid	Process
2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
1256	Unicorn-32911.exe
1256	Unicorn-32911.exe
2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
2400	Unicorn-28910.exe
2400	Unicorn-28910.exe
1256	Unicorn-32911.exe
1256	Unicorn-32911.exe
2596	Unicorn-52023.exe
2596	Unicorn-52023.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
2400	Unicorn-28910.exe
2688	Unicorn-11587.exe
2400	Unicorn-28910.exe
2688	Unicorn-11587.exe
2792	Unicorn-26532.exe
2568	Unicorn-46398.exe
2596	Unicorn-52023.exe
2792	Unicorn-26532.exe
2568	Unicorn-46398.exe
2596	Unicorn-52023.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
1956	WerFault.exe
2148	WerFault.exe
2740	Unicorn-18411.exe
2740	Unicorn-18411.exe
2784	Unicorn-38277.exe
2784	Unicorn-38277.exe
2688	Unicorn-11587.exe
2568	Unicorn-46398.exe
2688	Unicorn-11587.exe
2568	Unicorn-46398.exe
1676	Unicorn-46445.exe
2168	Unicorn-34193.exe
1676	Unicorn-46445.exe
2168	Unicorn-34193.exe
2792	Unicorn-26532.exe
2792	Unicorn-26532.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2612	2364	WerFault.exe	27
1804	1256	WerFault.exe	28
1956	2400	WerFault.exe	29
2148	2596	WerFault.exe	30
1480	2688	WerFault.exe	32
2992	2792	WerFault.exe	33
1824	2568	WerFault.exe	34
1504	2024	WerFault.exe	40
1508	2740	WerFault.exe	36
2388	2784	WerFault.exe	37
1792	1676	WerFault.exe	39
1596	2168	WerFault.exe	38
2748	636	WerFault.exe	43
2308	864	WerFault.exe	44
2376	2440	WerFault.exe	46
988	2864	WerFault.exe	45
1352	1156	WerFault.exe	48
764	2632	WerFault.exe	47
1120	596	WerFault.exe	49
1432	1636	WerFault.exe	53
2072	412	WerFault.exe	54
1984	1644	WerFault.exe	55
912	1188	WerFault.exe	56
344	1780	WerFault.exe	57
1696	1360	WerFault.exe	58
1728	1840	WerFault.exe	61
2112	2868	WerFault.exe	59
2836	920	WerFault.exe	62
2104	2884	WerFault.exe	64
3000	2408	WerFault.exe	63
3004	1324	WerFault.exe	60
2416	2184	WerFault.exe	70
352	2952	WerFault.exe	71
500	2652	WerFault.exe	72
2912	2696	WerFault.exe	73
3168	2972	WerFault.exe	75
3188	2452	WerFault.exe	76
3224	2656	WerFault.exe	74
3252	320	WerFault.exe	77
3268	2824	WerFault.exe	82
3292	1944	WerFault.exe	84
3284	2628	WerFault.exe	79
3300	2520	WerFault.exe	78
3308	2936	WerFault.exe	83
3372	2928	WerFault.exe	80
3364	2772	WerFault.exe	81
3404	1584	WerFault.exe	85
3396	1868	WerFault.exe	86
3672	2532	WerFault.exe	137
3636	2528	WerFault.exe	136
3316	1964	WerFault.exe	88
3512	2004	WerFault.exe	89
3992	1356	WerFault.exe	100
3948	108	WerFault.exe	93
4008	1476	WerFault.exe	97
4040	2144	WerFault.exe	99
3768	768	WerFault.exe	106
3696	1428	WerFault.exe	114
3788	1548	WerFault.exe	120
3856	2484	WerFault.exe	110
4712	788	WerFault.exe	123
4736	2252	WerFault.exe	102
4760	2756	WerFault.exe	139
4776	1968	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
1256	Unicorn-32911.exe
2400	Unicorn-28910.exe
2596	Unicorn-52023.exe
2688	Unicorn-11587.exe
2568	Unicorn-46398.exe
2792	Unicorn-26532.exe
2740	Unicorn-18411.exe
2024	Unicorn-26579.exe
1676	Unicorn-46445.exe
2784	Unicorn-38277.exe
2168	Unicorn-34193.exe
636	Unicorn-50612.exe
864	Unicorn-63632.exe
2440	Unicorn-13040.exe
2632	Unicorn-32906.exe
2864	Unicorn-13040.exe
1156	Unicorn-59548.exe
596	Unicorn-8956.exe
1636	Unicorn-1172.exe
412	Unicorn-50394.exe
1644	Unicorn-26444.exe
1188	Unicorn-58562.exe
1780	Unicorn-65339.exe
1360	Unicorn-54478.exe
1840	Unicorn-27836.exe
1324	Unicorn-27836.exe
2408	Unicorn-20222.exe
2868	Unicorn-27836.exe
920	Unicorn-42780.exe
2884	Unicorn-40088.exe
2184	Unicorn-44447.exe
2952	Unicorn-30057.exe
2652	Unicorn-53170.exe
2696	Unicorn-50477.exe
2656	Unicorn-40171.exe
2972	Unicorn-16221.exe
2452	Unicorn-5360.exe
320	Unicorn-17613.exe
2520	Unicorn-44255.exe
2628	Unicorn-59200.exe
2928	Unicorn-59200.exe
2772	Unicorn-25781.exe
2936	Unicorn-52423.exe
2824	Unicorn-5915.exe
1944	Unicorn-1831.exe
1584	Unicorn-21697.exe
1868	Unicorn-44810.exe
1964	Unicorn-40446.exe
2004	Unicorn-63559.exe
1648	Unicorn-14358.exe
108	Unicorn-34224.exe
1476	Unicorn-3497.exe
2144	Unicorn-11665.exe
1356	Unicorn-18442.exe
572	Unicorn-23918.exe
2252	Unicorn-47031.exe
1872	Unicorn-32086.exe
868	Unicorn-5443.exe
768	Unicorn-63367.exe
1996	Unicorn-20388.exe
2676	Unicorn-32640.exe
2492	Unicorn-19642.exe
2800	Unicorn-61229.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1256	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	28
PID 2364 wrote to memory of 1256	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	28
PID 2364 wrote to memory of 1256	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	28
PID 2364 wrote to memory of 1256	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	28
PID 1256 wrote to memory of 2400	1256	Unicorn-32911.exe	29
PID 1256 wrote to memory of 2400	1256	Unicorn-32911.exe	29
PID 1256 wrote to memory of 2400	1256	Unicorn-32911.exe	29
PID 1256 wrote to memory of 2400	1256	Unicorn-32911.exe	29
PID 2364 wrote to memory of 2596	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	30
PID 2364 wrote to memory of 2596	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	30
PID 2364 wrote to memory of 2596	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	30
PID 2364 wrote to memory of 2596	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	30
PID 2364 wrote to memory of 2612	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	31
PID 2364 wrote to memory of 2612	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	31
PID 2364 wrote to memory of 2612	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	31
PID 2364 wrote to memory of 2612	2364	17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe	31
PID 2400 wrote to memory of 2688	2400	Unicorn-28910.exe	32
PID 2400 wrote to memory of 2688	2400	Unicorn-28910.exe	32
PID 2400 wrote to memory of 2688	2400	Unicorn-28910.exe	32
PID 2400 wrote to memory of 2688	2400	Unicorn-28910.exe	32
PID 1256 wrote to memory of 2792	1256	Unicorn-32911.exe	33
PID 1256 wrote to memory of 2792	1256	Unicorn-32911.exe	33
PID 1256 wrote to memory of 2792	1256	Unicorn-32911.exe	33
PID 1256 wrote to memory of 2792	1256	Unicorn-32911.exe	33
PID 2596 wrote to memory of 2568	2596	Unicorn-52023.exe	34
PID 2596 wrote to memory of 2568	2596	Unicorn-52023.exe	34
PID 2596 wrote to memory of 2568	2596	Unicorn-52023.exe	34
PID 2596 wrote to memory of 2568	2596	Unicorn-52023.exe	34
PID 1256 wrote to memory of 1804	1256	Unicorn-32911.exe	35
PID 1256 wrote to memory of 1804	1256	Unicorn-32911.exe	35
PID 1256 wrote to memory of 1804	1256	Unicorn-32911.exe	35
PID 1256 wrote to memory of 1804	1256	Unicorn-32911.exe	35
PID 2400 wrote to memory of 2740	2400	Unicorn-28910.exe	36
PID 2400 wrote to memory of 2740	2400	Unicorn-28910.exe	36
PID 2400 wrote to memory of 2740	2400	Unicorn-28910.exe	36
PID 2400 wrote to memory of 2740	2400	Unicorn-28910.exe	36
PID 2688 wrote to memory of 2784	2688	Unicorn-11587.exe	37
PID 2688 wrote to memory of 2784	2688	Unicorn-11587.exe	37
PID 2688 wrote to memory of 2784	2688	Unicorn-11587.exe	37
PID 2688 wrote to memory of 2784	2688	Unicorn-11587.exe	37
PID 2792 wrote to memory of 2168	2792	Unicorn-26532.exe	38
PID 2792 wrote to memory of 2168	2792	Unicorn-26532.exe	38
PID 2792 wrote to memory of 2168	2792	Unicorn-26532.exe	38
PID 2792 wrote to memory of 2168	2792	Unicorn-26532.exe	38
PID 2568 wrote to memory of 1676	2568	Unicorn-46398.exe	39
PID 2568 wrote to memory of 1676	2568	Unicorn-46398.exe	39
PID 2568 wrote to memory of 1676	2568	Unicorn-46398.exe	39
PID 2568 wrote to memory of 1676	2568	Unicorn-46398.exe	39
PID 2596 wrote to memory of 2024	2596	Unicorn-52023.exe	40
PID 2596 wrote to memory of 2024	2596	Unicorn-52023.exe	40
PID 2596 wrote to memory of 2024	2596	Unicorn-52023.exe	40
PID 2596 wrote to memory of 2024	2596	Unicorn-52023.exe	40
PID 2400 wrote to memory of 1956	2400	Unicorn-28910.exe	41
PID 2400 wrote to memory of 1956	2400	Unicorn-28910.exe	41
PID 2400 wrote to memory of 1956	2400	Unicorn-28910.exe	41
PID 2400 wrote to memory of 1956	2400	Unicorn-28910.exe	41
PID 2596 wrote to memory of 2148	2596	Unicorn-52023.exe	42
PID 2596 wrote to memory of 2148	2596	Unicorn-52023.exe	42
PID 2596 wrote to memory of 2148	2596	Unicorn-52023.exe	42
PID 2596 wrote to memory of 2148	2596	Unicorn-52023.exe	42
PID 2740 wrote to memory of 636	2740	Unicorn-18411.exe	43
PID 2740 wrote to memory of 636	2740	Unicorn-18411.exe	43
PID 2740 wrote to memory of 636	2740	Unicorn-18411.exe	43
PID 2740 wrote to memory of 636	2740	Unicorn-18411.exe	43

C:\Users\Admin\AppData\Local\Temp\17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe
"C:\Users\Admin\AppData\Local\Temp\17d446e2741f4d7e049ddf97cd3d23eb10d0b82034b0c9f3a6416196ee387344.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        11⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        12⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        13⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        14⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        15⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        14⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        13⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        12⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        11⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        11⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        12⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        13⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        13⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        12⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17281.exe
        11⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        12⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        13⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        14⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
        14⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        13⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        12⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        10⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        9⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        10⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40335.exe
        12⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        13⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        13⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 220
        12⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        11⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        12⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        13⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        10⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 220
        9⤵
        Program crash
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        8⤵
        Program crash
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32086.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        9⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2833.exe
        10⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        11⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        12⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        13⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        14⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        13⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        12⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
        12⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        13⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        12⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        8⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        11⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
        12⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        13⤵
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 236
        11⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
        9⤵
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        8⤵
        Program crash
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        7⤵
        Program crash
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5360.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44367.exe
        11⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        12⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        13⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        13⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        12⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        11⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
        11⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        12⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe
        13⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 220
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 220
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe
        11⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        12⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        11⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        8⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        7⤵
        Program crash
        
        PID:344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        6⤵
        Program crash
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25781.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
        11⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8814.exe
        12⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        13⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
        13⤵
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        11⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39899.exe
        10⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30029.exe
        11⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65270.exe
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23747.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        10⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        11⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        12⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        13⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        9⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        8⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        8⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        11⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        12⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
        12⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8518.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
        11⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        12⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        10⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        Program crash
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15557.exe
        7⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7685.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        11⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57673.exe
        12⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21365.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51497.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15389.exe
        11⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        10⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        9⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        Program crash
        
        PID:3268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Program crash
        
        PID:988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30057.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        10⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60970.exe
        11⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48007.exe
        12⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        13⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        14⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
        15⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        14⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 220
        13⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        12⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        11⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        10⤵
        Program crash
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        12⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
        13⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        13⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        12⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
        9⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15282.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        11⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        12⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        13⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        12⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        10⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
        9⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        8⤵
        Program crash
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        8⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        9⤵
        Program crash
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
        10⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        11⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        12⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        8⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 240
        7⤵
        Program crash
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61855.exe
        11⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        12⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        13⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        14⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        13⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        12⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        11⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33542.exe
        10⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        11⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        12⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
        12⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 236
        11⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        10⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 220
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65054.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        11⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        12⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
        13⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        12⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        11⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 236
        10⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        8⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        11⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
        12⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        11⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9525.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
        11⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5229.exe
        12⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 220
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        Program crash
        
        PID:500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        6⤵
        Program crash
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16674.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60503.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        10⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        11⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 220
        13⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        12⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        11⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14346.exe
        11⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        12⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61058.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28298.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        11⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        12⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7668.exe
        13⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
        10⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        10⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        11⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30206.exe
        12⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 236
        12⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
        11⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        8⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        11⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49168.exe
        12⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        11⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        8⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        7⤵
        Program crash
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        7⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        8⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24109.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53879.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        10⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        11⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
        11⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        10⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        9⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
        7⤵
        Program crash
        
        PID:3992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        5⤵
        Program crash
        
        PID:1508
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        11⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32058.exe
        12⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        13⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
        13⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 220
        12⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        11⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        11⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 220
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        8⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        8⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
        11⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        12⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        13⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        12⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49328.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
        10⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
        11⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        11⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        8⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 220
        7⤵
        Program crash
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29458.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        11⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
        12⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        11⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        12⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
        11⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
        8⤵
        Program crash
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        7⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41046.exe
        10⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        11⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        11⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 220
        7⤵
        Program crash
        
        PID:3372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 220
        6⤵
        Program crash
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        10⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        12⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        13⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        12⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
        11⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55220.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15971.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        10⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
        11⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        11⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        8⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31125.exe
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        10⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
        11⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
        12⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 220
        10⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 220
        7⤵
        Program crash
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
        6⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6432.exe
        9⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34772.exe
        10⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        11⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 220
        11⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        10⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        8⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
        7⤵
        Program crash
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 220
        6⤵
        Program crash
        
        PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
        5⤵
        Program crash
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10150.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42665.exe
        10⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        11⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 220
        11⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        10⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63417.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        9⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        10⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 220
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        9⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        8⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 220
        7⤵
        
        PID:5780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        6⤵
        Program crash
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27810.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        12⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        11⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        9⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        9⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        10⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17783.exe
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
        10⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        9⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        8⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        7⤵
        
        PID:4684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        6⤵
        Program crash
        
        PID:3292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        5⤵
        Program crash
        
        PID:1120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        12⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16631.exe
        13⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 220
        11⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
        9⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        8⤵
        Program crash
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        7⤵
        Program crash
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55215.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
        11⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
        12⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        13⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
        11⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28607.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        11⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        10⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        11⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 220
        11⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        9⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 216
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        6⤵
        Program crash
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8012.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21308.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
        11⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        11⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        9⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        10⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
        11⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 236
        11⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        10⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        9⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        8⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        10⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        11⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
        11⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 220
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
        8⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        9⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        10⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26563.exe
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 220
        11⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        10⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        9⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        8⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        7⤵
        Program crash
        
        PID:3788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
        6⤵
        Program crash
        
        PID:3000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        5⤵
        Program crash
        
        PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2942.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
        11⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        12⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        12⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        10⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26714.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
        9⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
        10⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        11⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
        11⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 220
        10⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        8⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        7⤵
        Program crash
        
        PID:3300
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        6⤵
        Program crash
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        10⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12421.exe
        11⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        12⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
        11⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37813.exe
        9⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
        10⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        11⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        10⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        9⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        8⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        9⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        10⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        10⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 220
        9⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        8⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
        7⤵
        
        PID:5060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        6⤵
        Program crash
        
        PID:3284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        5⤵
        Program crash
        
        PID:2376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49730.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15581.exe
        12⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        13⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        12⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1826.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        9⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 224
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 220
        8⤵
        Program crash
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44720.exe
        10⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        11⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        11⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 220
        10⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        8⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
        6⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44559.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        9⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
        10⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        11⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 220
        10⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        9⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        8⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        7⤵
        
        PID:5508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        6⤵
        Program crash
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45646.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19087.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        10⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        11⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 220
        11⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 220
        10⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55249.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        9⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        10⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        10⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 236
        9⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        8⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4452.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22909.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
        10⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        10⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        9⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        8⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        8⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-999.exe
        9⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        10⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        9⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 240
        7⤵
        
        PID:6836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 220
        6⤵
        Program crash
        
        PID:3512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        5⤵
        Program crash
        
        PID:1432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
      4⤵
      Program crash
      PID:1504
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2148
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
  2⤵
  - Program crash
  PID:2612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16055.exe

Filesize
184KB

MD5
8ebd4968827fcb4026d7c6b720b2a49d

SHA1
4787f5dbbb99ef0d69a85fbfba8196b782ef8d33

SHA256
d9f8bdb86bcb3190f91e942a815221bc7a2cd23b784993f7ff98757f4e6c37db

SHA512
77a3b64d386c241d1c8209a3b2621c6658f0410685a94d7896b4abc500e652b32e9ad717860dd852daf35e3e400e12189ad186b758dfaa8b75442690f9b57c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe

Filesize
184KB

MD5
2209b710503c38d26d9ecdad7642ac58

SHA1
7279a7b01663f962741f85693f577e8c173e8dc6

SHA256
64c52029d3f03de9f4c9f3d7a2dbd5e1bcfbb814c254955ed9e9b00333a4ed38

SHA512
1b57f3a2bec6e7d2ee5ea20864563fe95fe0a3560b7f72869865e912c036cdc2aeedd812b2b24a37f60ec5100f34515cef45ee482b41a7cacb352f3702e5ce5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe

Filesize
184KB

MD5
fb13fa992c8df2d9c3a3b787575d99ae

SHA1
5b1323e693a4972950b7b462a2a7ef4b180c9294

SHA256
5619dd8bb2292506c290e6b6fc1cc07443f17be6e4233b95dde934318b850824

SHA512
07918f471dcb52f20516f0cfb2174e2eef759ad212aa0a78aebf5a1c01f4e04ab93fdb6454e138b4a752a1a8ee92e295e6c3351624fc0705429f0e0896327aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe

Filesize
184KB

MD5
c2d1d2102ae2cb36a2c9b8169c7da316

SHA1
1d4d87a9a36ca8e3115d04062f17d0efa674d428

SHA256
fd90bf95588801ca1862f934c58d83ecc86570d1d809f6e474b49b4496fe7b21

SHA512
b0cb7e87e40138508db17ed4fa8d229e6cd96a6e10a5a248ca8ffce51036eca07ff7d13a706541eabd18888194e2b19696bac1ddf78980cfab10e2f392dafff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe

Filesize
184KB

MD5
2ea910553c42ad8d4c198699ec460b2a

SHA1
a990b65e783010f6efb2865d764cd496ccee67c7

SHA256
5bb433b3eee11720e92405c5899bd377456b8bc2f592ce94046191d8c92da05f

SHA512
3a625ba5a6691543e00553aef5de8ee17ac7b6156e08ed6a169c3c9d314a9c6d426b7e089d23db694277e34dd5bbf4679877f9295c2f9938e36227abf50f8b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe

Filesize
184KB

MD5
139f7a442e823d10bb8c133d3c5040f4

SHA1
612e37ff3063881ddf9677721c5f0f877a324417

SHA256
3568a80cb1a251942df3b40bcf0a36319588da3a9568a7274be4ea9f3387244d

SHA512
481496aa0db39753e1d8f972eadbb59db0ff3907af3ddb5638f86274261a4c9d79f8eb7619201cb89d1c6474cd53c62d122d650fe07484827ed7b7a73f9a8a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe

Filesize
184KB

MD5
32b1c0cc24221951a7de1505a6198f77

SHA1
ec3de177feb59823eb865180efdf40bf754a8272

SHA256
85ec1996a34c5958846a09043306183cfc629f4236e0c8553eebc11ba710cdfa

SHA512
b5a245f8980f49bb68de5a39239402f06a999c2dd9af6e611c76bee1e5bb07e3f015d4aa99189acaf0a98407c6f87e91826d252bbbcd4337c376692fa2039eb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe

Filesize
184KB

MD5
9c1261a2170fd21121ad9028847c62e5

SHA1
c163ceb17d4e9a19af332aaaf71d7c53900b911c

SHA256
6c51cc4fe900bb226c9e2d97de5b376628aa3337b636fa14f66cf7e7139e8e29

SHA512
eaf163af345660824220a018ff8230d6c98d080f213a2c5791c2b9717319570c72a83262d3c947432cdb5d18e2883c124004878de9b5ec7ca28c9971a7366730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50612.exe

Filesize
184KB

MD5
87b6fbfd2e86dd2b9175f194a3aaaf36

SHA1
1af23427a77c6354d14ab75e091523fa37a78614

SHA256
45c826d55538977f08cefd8ab117000ef3cee0fb93da8b501633247d4e26e3d0

SHA512
0b40429c1de70ca3d65914bf49f4dbe261183ace17b91c41fba977bb2908c2fe1e385eee9a40c9ba647199fbea4ea6a9bd34752ee3510cfec7598058da192a2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe

Filesize
184KB

MD5
fa4948ac2dc6c4f78bedb3512681399a

SHA1
f7509af0052aa6bd8cd122fff8c214505143230a

SHA256
c20e6be5be6c358ac00dafe2a4fe0e7e517d842565c421c1359f9a05a9bb1a09

SHA512
7ac6f7cc0b04efe98ec9b755e9eb183470ff338680e470cfe5f0f852ca9dd69b5ef07f5ff0439e0dcfa0cf6fcfb839063a0e6cd63439f4a838e1c3636309d994

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe

Filesize
184KB

MD5
28a25960943e0ec49434b4b4a5961d9f

SHA1
e2db51bbc65611a545084873fb3be1e959abed95

SHA256
00303fbc12d73262c514e86cbedb0e56304139c7bed9ac6f9db6ca7cddcc8b18

SHA512
10ed0c26c35c8f5f99b4908805d428e47a30af5c7aab80cb41fc726e400832ac0f412dc0ab75bae617c0921b73bb2b626f8758172be636cf56ac05fbeae7d45c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe

Filesize
184KB

MD5
e8ef8f1a9f1bf22aeddd68c8b46e22d2

SHA1
1c2a0c4653da8fb825c75f0d2a7cd758f1d157d4

SHA256
9c96a7d5b8fd9245e743c7d3c6d4e4dbbff277abda86eb6e6fac0171a3fd7c49

SHA512
c67d045b4f607c37043d80b2ae524332d8c93ef15906043112593a61f686931c36142b75a4340012964ed7ad5b4d7ee08901640d4dbc811db964aa24155c619b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe

Filesize
184KB

MD5
ba089efb0973849d08ad3936fffdf9e6

SHA1
b04a639abbdfe7e1fb94723d15ede682b0fc865d

SHA256
55445c4751cac080b6a6a82c59d501a486588f8a353b5d757878d5015abbfaa1

SHA512
98e23bfe4a6ac9b06efa30be6d86aa7a2eda71e455bfd7739b314a9e14450744b74fbb03f9dc42d14a4d3accfa35be992fa98596a428a0c133db2127133d2144

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe

Filesize
184KB

MD5
47a6e236a5ab0def54578cf0388a3b8f

SHA1
3623b01736c7e973d9ff2fe2553f7286881eb84a

SHA256
37517bea0c0b74eefb15758c4ea351316f4fc492304acdf20a89f8d710598018

SHA512
c415c8e9ddb4c82e37a3bfef2d5e5be3c54e10d0c3e37566b16aaa3a15e6cd8bda51e1512c38181a2a839cbee7805d04e86257213de4c07c98972394a52f70a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe

Filesize
184KB

MD5
5a90946b63c4e6333fec71aeb6905c78

SHA1
c4ff09dbe0e996e566a8b0cbc8cd5129e18fe65f

SHA256
7e93fbc35806843fd9b567156efa26fac54a9c137e83118e9f5012e5d7729a21

SHA512
33503dad5e9103d5f150c3741e26e1b0ed92255d2a42c2591b57af8c1740a6a08c346e0f5808357402efb046ab3d901c847e73f1042ee28a7a2cda15c7bf4405

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe

Filesize
184KB

MD5
b4f555ef016d4e61738da6839972af61

SHA1
9d0a05dba1b9aab95f025b0bc3ac5badb35dd942

SHA256
51004e7a28fb4b9ed9d58e8f9ff1c648e815a8270813807cddf393a99641e845

SHA512
4081a15f9796fd92749c56917634b2d46d63b099eee129ec455ce1c9e18b8f3df12db3c5619c2067047c235f88a3b14018c3981300bf157825a28e6160e61ea5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe

Filesize
184KB

MD5
60fe3f3595370152836c565b0e1f2f48

SHA1
9434822a630ab205bdc93dea4331bbaac093c634

SHA256
43d7a93d969b410405640cc3eaad925a03d255e002ccf9799f75d49d600fdc29

SHA512
b03f0893879f9b8b2124be1a8b5ad93c8c196c6ea5095a97b88a928625aa0b3e334b2974837217ebbe44ef945b8794f28b8f8021dc6de5c7ff2b24bfcb15a9b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe

Filesize
184KB

MD5
2a414df1f9bfa933007a6854066fa2af

SHA1
de97950ff15b5906cae3bacdd581a98c255c9d31

SHA256
63bd2e6755e674d804871771ea7e12a009a4be18fd1495dc6ff8eabd54d61700

SHA512
f0eefd65f6653047a33ceb21decd282304b206afbaa18d50e5c58e381ac3304d28cb9b2332383999c2c024e6c10f8b2d024782eaecdba49fec70d3af7e2bb0d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe

Filesize
184KB

MD5
d8dadd529e1a61ff5adc6c2cd770b109

SHA1
bab605bf582e780c5756ab93a52311d16a4d73cd

SHA256
48caaa27b402c413d19406c7b809389191f991247f57631ea4e2dabf8121e6a1

SHA512
5319fa28c7d402cf3dc020c8f99bb03c84fd1b95bd1131dfd47c66b594b1507f6769fe75b781f8c3c27524d8b1d81f1f90238c952a510f87cff7870f38c00328

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe

Filesize
184KB

MD5
c5a15f7633d9a1e452344c0c2a1881c6

SHA1
d619ebcd958758022f8950e968b8b91f0422f996

SHA256
b86dde6567355eff0b980cd8c18969a782978f167e42897ff4b6a7999bf20699

SHA512
af8bc5432f6bc7675d0dca947c70d02278c1986f5e16e0e9aa1c1f6c90d5b7a54ba3f0b308a4904849954ee9501d9996d79762bc2d8c6a3b61e3ee0e317996b4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads