19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
Size

184KB
MD5

e695ccd03a78cf892f990f0caa6c8704
SHA1

9a986a34b6daafc82653e443baf2018f3f3e0a32
SHA256

19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38
SHA512

2a94bf448332af53751cc7a39893375fda23ab167894db2710d1cc1727ad3df0ac76df67e4f3c83692ad050c60ca85a853939134a4d5999b60fec5cf79d6a3c6
SSDEEP

3072:ARefp8ofu+QCd3aWMDELRxGEhlTViFInl:ARvo8u3aQLfGEhlTViFI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-48515.exeUnicorn-23025.exeUnicorn-33885.exeUnicorn-62002.exeUnicorn-7326.exeUnicorn-1701.exeUnicorn-13953.exeUnicorn-59625.exeUnicorn-32475.exeUnicorn-1748.exeUnicorn-43335.exeUnicorn-43335.exeUnicorn-9916.exeUnicorn-45578.exeUnicorn-52355.exeUnicorn-61914.exeUnicorn-23020.exeUnicorn-50217.exeUnicorn-35272.exeUnicorn-46133.exeUnicorn-35032.exeUnicorn-54898.exeUnicorn-16004.exeUnicorn-51369.exeUnicorn-16558.exeUnicorn-5697.exeUnicorn-22034.exeUnicorn-32894.exeUnicorn-48676.exeUnicorn-48676.exeUnicorn-10336.exeUnicorn-60928.exeUnicorn-7918.exeUnicorn-35115.exeUnicorn-54981.exeUnicorn-24255.exeUnicorn-51452.exeUnicorn-13948.exeUnicorn-44675.exeUnicorn-41145.exeUnicorn-38453.exeUnicorn-11810.exeUnicorn-11810.exeUnicorn-11810.exeUnicorn-53398.exeUnicorn-53398.exeUnicorn-54789.exeUnicorn-113.exeUnicorn-50705.exeUnicorn-61566.exeUnicorn-36590.exeUnicorn-59703.exeUnicorn-53481.exeUnicorn-15978.exeUnicorn-8364.exeUnicorn-40482.exeUnicorn-37130.exeUnicorn-2319.exeUnicorn-43907.exeUnicorn-25432.exeUnicorn-41214.exeUnicorn-49382.exeUnicorn-41768.exeUnicorn-57550.exe

pid	process
1628	Unicorn-48515.exe
2112	Unicorn-23025.exe
2180	Unicorn-33885.exe
2676	Unicorn-62002.exe
2528	Unicorn-7326.exe
2532	Unicorn-1701.exe
2936	Unicorn-13953.exe
1936	Unicorn-59625.exe
1328	Unicorn-32475.exe
864	Unicorn-1748.exe
2192	Unicorn-43335.exe
2580	Unicorn-43335.exe
2588	Unicorn-9916.exe
3028	Unicorn-45578.exe
304	Unicorn-52355.exe
676	Unicorn-61914.exe
1484	Unicorn-23020.exe
2468	Unicorn-50217.exe
1492	Unicorn-35272.exe
448	Unicorn-46133.exe
960	Unicorn-35032.exe
772	Unicorn-54898.exe
2044	Unicorn-16004.exe
1056	Unicorn-51369.exe
1516	Unicorn-16558.exe
2116	Unicorn-5697.exe
3060	Unicorn-22034.exe
2428	Unicorn-32894.exe
2096	Unicorn-48676.exe
2088	Unicorn-48676.exe
2988	Unicorn-10336.exe
1600	Unicorn-60928.exe
2996	Unicorn-7918.exe
2732	Unicorn-35115.exe
2852	Unicorn-54981.exe
2544	Unicorn-24255.exe
3004	Unicorn-51452.exe
2596	Unicorn-13948.exe
2416	Unicorn-44675.exe
2484	Unicorn-41145.exe
3052	Unicorn-38453.exe
852	Unicorn-11810.exe
2324	Unicorn-11810.exe
632	Unicorn-11810.exe
2196	Unicorn-53398.exe
2176	Unicorn-53398.exe
2172	Unicorn-54789.exe
1636	Unicorn-113.exe
2408	Unicorn-50705.exe
1028	Unicorn-61566.exe
2500	Unicorn-36590.exe
792	Unicorn-59703.exe
2012	Unicorn-53481.exe
3036	Unicorn-15978.exe
2976	Unicorn-8364.exe
2260	Unicorn-40482.exe
1984	Unicorn-37130.exe
1584	Unicorn-2319.exe
1664	Unicorn-43907.exe
1284	Unicorn-25432.exe
1796	Unicorn-41214.exe
2644	Unicorn-49382.exe
2868	Unicorn-41768.exe
2524	Unicorn-57550.exe

Loads dropped DLL 64 IoCs

Processes:

19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exeUnicorn-48515.exeWerFault.exeUnicorn-23025.exeWerFault.exeUnicorn-62002.exeUnicorn-7326.exeWerFault.exeUnicorn-1701.exeUnicorn-13953.exeUnicorn-59625.exeWerFault.exeWerFault.exeUnicorn-32475.exeUnicorn-43335.exeUnicorn-43335.exeUnicorn-1748.exe

pid	process
2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
1628	Unicorn-48515.exe
1628	Unicorn-48515.exe
2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
2112	Unicorn-23025.exe
2112	Unicorn-23025.exe
1628	Unicorn-48515.exe
1628	Unicorn-48515.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2772	WerFault.exe
2676	Unicorn-62002.exe
2676	Unicorn-62002.exe
2528	Unicorn-7326.exe
2528	Unicorn-7326.exe
2112	Unicorn-23025.exe
2112	Unicorn-23025.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2532	Unicorn-1701.exe
2936	Unicorn-13953.exe
2532	Unicorn-1701.exe
2936	Unicorn-13953.exe
2528	Unicorn-7326.exe
2676	Unicorn-62002.exe
2528	Unicorn-7326.exe
2676	Unicorn-62002.exe
1936	Unicorn-59625.exe
1936	Unicorn-59625.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1308	WerFault.exe
1328	Unicorn-32475.exe
1328	Unicorn-32475.exe
2936	Unicorn-13953.exe
2936	Unicorn-13953.exe
2580	Unicorn-43335.exe
2580	Unicorn-43335.exe
2192	Unicorn-43335.exe
2192	Unicorn-43335.exe
1936	Unicorn-59625.exe
1936	Unicorn-59625.exe
864	Unicorn-1748.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1808	2180	WerFault.exe	Unicorn-33885.exe
2772	1628	WerFault.exe	Unicorn-48515.exe
2320	2112	WerFault.exe	Unicorn-23025.exe
2908	2100	WerFault.exe	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
2800	2676	WerFault.exe	Unicorn-62002.exe
1308	2528	WerFault.exe	Unicorn-7326.exe
1764	2532	WerFault.exe	Unicorn-1701.exe
1744	2936	WerFault.exe	Unicorn-13953.exe
1340	1936	WerFault.exe	Unicorn-59625.exe
1800	1328	WerFault.exe	Unicorn-32475.exe
2912	2580	WerFault.exe	Unicorn-43335.exe
2844	2192	WerFault.exe	Unicorn-43335.exe
2904	2588	WerFault.exe	Unicorn-9916.exe
2768	864	WerFault.exe	Unicorn-1748.exe
2276	3028	WerFault.exe	Unicorn-45578.exe
332	304	WerFault.exe	Unicorn-52355.exe
1040	676	WerFault.exe	Unicorn-61914.exe
1476	1484	WerFault.exe	Unicorn-23020.exe
2312	448	WerFault.exe	Unicorn-46133.exe
1812	1492	WerFault.exe	Unicorn-35272.exe
2884	2468	WerFault.exe	Unicorn-50217.exe
828	772	WerFault.exe	Unicorn-54898.exe
1604	960	WerFault.exe	Unicorn-35032.exe
900	2044	WerFault.exe	Unicorn-16004.exe
1740	1516	WerFault.exe	Unicorn-16558.exe
1564	2116	WerFault.exe	Unicorn-5697.exe
2840	1056	WerFault.exe	Unicorn-51369.exe
2792	2096	WerFault.exe	Unicorn-48676.exe
2520	2988	WerFault.exe	Unicorn-10336.exe
2832	3060	WerFault.exe	Unicorn-22034.exe
2164	1600	WerFault.exe	Unicorn-60928.exe
2924	2428	WerFault.exe	Unicorn-32894.exe
1436	2088	WerFault.exe	Unicorn-48676.exe
2784	2996	WerFault.exe	Unicorn-7918.exe
784	2852	WerFault.exe	Unicorn-54981.exe
3120	2732	WerFault.exe	Unicorn-35115.exe
3136	2596	WerFault.exe	Unicorn-13948.exe
3144	2544	WerFault.exe	Unicorn-24255.exe
3176	3004	WerFault.exe	Unicorn-51452.exe
3208	3052	WerFault.exe	Unicorn-38453.exe
3224	2416	WerFault.exe	Unicorn-44675.exe
3252	1636	WerFault.exe	Unicorn-113.exe
3244	632	WerFault.exe	Unicorn-11810.exe
3260	2484	WerFault.exe	Unicorn-41145.exe
3300	852	WerFault.exe	Unicorn-11810.exe
3332	2196	WerFault.exe	Unicorn-53398.exe
3372	2172	WerFault.exe	Unicorn-54789.exe
3396	2176	WerFault.exe	Unicorn-53398.exe
3404	1028	WerFault.exe	Unicorn-61566.exe
3772	2408	WerFault.exe	Unicorn-50705.exe
3920	2324	WerFault.exe	Unicorn-11810.exe
3840	2500	WerFault.exe	Unicorn-36590.exe
3996	792	WerFault.exe	Unicorn-59703.exe
3444	1284	WerFault.exe	Unicorn-25432.exe
3600	2012	WerFault.exe	Unicorn-53481.exe
3700	2208	WerFault.exe	Unicorn-11042.exe
3792	1292	WerFault.exe	Unicorn-27378.exe
3852	2644	WerFault.exe	Unicorn-49382.exe
3816	3036	WerFault.exe	Unicorn-15978.exe
4032	2260	WerFault.exe	Unicorn-40482.exe
4340	1584	WerFault.exe	Unicorn-2319.exe
4368	1184	WerFault.exe	Unicorn-4841.exe
4376	1032	WerFault.exe	Unicorn-13009.exe
4428	2624	WerFault.exe	Unicorn-26008.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exeUnicorn-48515.exeUnicorn-23025.exeUnicorn-33885.exeUnicorn-62002.exeUnicorn-7326.exeUnicorn-1701.exeUnicorn-13953.exeUnicorn-59625.exeUnicorn-32475.exeUnicorn-1748.exeUnicorn-43335.exeUnicorn-43335.exeUnicorn-9916.exeUnicorn-45578.exeUnicorn-52355.exeUnicorn-61914.exeUnicorn-23020.exeUnicorn-50217.exeUnicorn-46133.exeUnicorn-35272.exeUnicorn-54898.exeUnicorn-35032.exeUnicorn-16004.exeUnicorn-51369.exeUnicorn-16558.exeUnicorn-5697.exeUnicorn-32894.exeUnicorn-48676.exeUnicorn-22034.exeUnicorn-48676.exeUnicorn-10336.exeUnicorn-60928.exeUnicorn-7918.exeUnicorn-54981.exeUnicorn-35115.exeUnicorn-24255.exeUnicorn-51452.exeUnicorn-13948.exeUnicorn-44675.exeUnicorn-41145.exeUnicorn-38453.exeUnicorn-11810.exeUnicorn-11810.exeUnicorn-11810.exeUnicorn-53398.exeUnicorn-53398.exeUnicorn-54789.exeUnicorn-113.exeUnicorn-50705.exeUnicorn-61566.exeUnicorn-36590.exeUnicorn-59703.exeUnicorn-53481.exeUnicorn-15978.exeUnicorn-8364.exeUnicorn-40482.exeUnicorn-37130.exeUnicorn-2319.exeUnicorn-43907.exeUnicorn-25432.exeUnicorn-41214.exeUnicorn-49382.exeUnicorn-41768.exe

pid	process
2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
1628	Unicorn-48515.exe
2112	Unicorn-23025.exe
2180	Unicorn-33885.exe
2676	Unicorn-62002.exe
2528	Unicorn-7326.exe
2532	Unicorn-1701.exe
2936	Unicorn-13953.exe
1936	Unicorn-59625.exe
1328	Unicorn-32475.exe
864	Unicorn-1748.exe
2192	Unicorn-43335.exe
2580	Unicorn-43335.exe
2588	Unicorn-9916.exe
3028	Unicorn-45578.exe
304	Unicorn-52355.exe
676	Unicorn-61914.exe
1484	Unicorn-23020.exe
2468	Unicorn-50217.exe
448	Unicorn-46133.exe
1492	Unicorn-35272.exe
772	Unicorn-54898.exe
960	Unicorn-35032.exe
2044	Unicorn-16004.exe
1056	Unicorn-51369.exe
1516	Unicorn-16558.exe
2116	Unicorn-5697.exe
2428	Unicorn-32894.exe
2088	Unicorn-48676.exe
3060	Unicorn-22034.exe
2096	Unicorn-48676.exe
2988	Unicorn-10336.exe
1600	Unicorn-60928.exe
2996	Unicorn-7918.exe
2852	Unicorn-54981.exe
2732	Unicorn-35115.exe
2544	Unicorn-24255.exe
3004	Unicorn-51452.exe
2596	Unicorn-13948.exe
2416	Unicorn-44675.exe
2484	Unicorn-41145.exe
3052	Unicorn-38453.exe
852	Unicorn-11810.exe
632	Unicorn-11810.exe
2324	Unicorn-11810.exe
2196	Unicorn-53398.exe
2176	Unicorn-53398.exe
2172	Unicorn-54789.exe
1636	Unicorn-113.exe
2408	Unicorn-50705.exe
1028	Unicorn-61566.exe
2500	Unicorn-36590.exe
792	Unicorn-59703.exe
2012	Unicorn-53481.exe
3036	Unicorn-15978.exe
2976	Unicorn-8364.exe
2260	Unicorn-40482.exe
1984	Unicorn-37130.exe
1584	Unicorn-2319.exe
1664	Unicorn-43907.exe
1284	Unicorn-25432.exe
1796	Unicorn-41214.exe
2644	Unicorn-49382.exe
2868	Unicorn-41768.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exeUnicorn-48515.exeUnicorn-33885.exeUnicorn-23025.exeUnicorn-62002.exeUnicorn-7326.exeUnicorn-1701.exeUnicorn-13953.exeUnicorn-59625.exe

description	pid	process	target process
PID 2100 wrote to memory of 1628	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-48515.exe
PID 2100 wrote to memory of 1628	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-48515.exe
PID 2100 wrote to memory of 1628	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-48515.exe
PID 2100 wrote to memory of 1628	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-48515.exe
PID 1628 wrote to memory of 2112	1628	Unicorn-48515.exe	Unicorn-23025.exe
PID 1628 wrote to memory of 2112	1628	Unicorn-48515.exe	Unicorn-23025.exe
PID 1628 wrote to memory of 2112	1628	Unicorn-48515.exe	Unicorn-23025.exe
PID 1628 wrote to memory of 2112	1628	Unicorn-48515.exe	Unicorn-23025.exe
PID 2100 wrote to memory of 2180	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-33885.exe
PID 2100 wrote to memory of 2180	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-33885.exe
PID 2100 wrote to memory of 2180	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-33885.exe
PID 2100 wrote to memory of 2180	2100	19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe	Unicorn-33885.exe
PID 2180 wrote to memory of 1808	2180	Unicorn-33885.exe	WerFault.exe
PID 2180 wrote to memory of 1808	2180	Unicorn-33885.exe	WerFault.exe
PID 2180 wrote to memory of 1808	2180	Unicorn-33885.exe	WerFault.exe
PID 2180 wrote to memory of 1808	2180	Unicorn-33885.exe	WerFault.exe
PID 2112 wrote to memory of 2676	2112	Unicorn-23025.exe	Unicorn-62002.exe
PID 2112 wrote to memory of 2676	2112	Unicorn-23025.exe	Unicorn-62002.exe
PID 2112 wrote to memory of 2676	2112	Unicorn-23025.exe	Unicorn-62002.exe
PID 2112 wrote to memory of 2676	2112	Unicorn-23025.exe	Unicorn-62002.exe
PID 1628 wrote to memory of 2528	1628	Unicorn-48515.exe	Unicorn-7326.exe
PID 1628 wrote to memory of 2528	1628	Unicorn-48515.exe	Unicorn-7326.exe
PID 1628 wrote to memory of 2528	1628	Unicorn-48515.exe	Unicorn-7326.exe
PID 1628 wrote to memory of 2528	1628	Unicorn-48515.exe	Unicorn-7326.exe
PID 1628 wrote to memory of 2772	1628	Unicorn-48515.exe	WerFault.exe
PID 1628 wrote to memory of 2772	1628	Unicorn-48515.exe	WerFault.exe
PID 1628 wrote to memory of 2772	1628	Unicorn-48515.exe	WerFault.exe
PID 1628 wrote to memory of 2772	1628	Unicorn-48515.exe	WerFault.exe
PID 2676 wrote to memory of 2532	2676	Unicorn-62002.exe	Unicorn-1701.exe
PID 2676 wrote to memory of 2532	2676	Unicorn-62002.exe	Unicorn-1701.exe
PID 2676 wrote to memory of 2532	2676	Unicorn-62002.exe	Unicorn-1701.exe
PID 2676 wrote to memory of 2532	2676	Unicorn-62002.exe	Unicorn-1701.exe
PID 2528 wrote to memory of 2936	2528	Unicorn-7326.exe	Unicorn-13953.exe
PID 2528 wrote to memory of 2936	2528	Unicorn-7326.exe	Unicorn-13953.exe
PID 2528 wrote to memory of 2936	2528	Unicorn-7326.exe	Unicorn-13953.exe
PID 2528 wrote to memory of 2936	2528	Unicorn-7326.exe	Unicorn-13953.exe
PID 2112 wrote to memory of 1936	2112	Unicorn-23025.exe	Unicorn-59625.exe
PID 2112 wrote to memory of 1936	2112	Unicorn-23025.exe	Unicorn-59625.exe
PID 2112 wrote to memory of 1936	2112	Unicorn-23025.exe	Unicorn-59625.exe
PID 2112 wrote to memory of 1936	2112	Unicorn-23025.exe	Unicorn-59625.exe
PID 2112 wrote to memory of 2320	2112	Unicorn-23025.exe	WerFault.exe
PID 2112 wrote to memory of 2320	2112	Unicorn-23025.exe	WerFault.exe
PID 2112 wrote to memory of 2320	2112	Unicorn-23025.exe	WerFault.exe
PID 2112 wrote to memory of 2320	2112	Unicorn-23025.exe	WerFault.exe
PID 2532 wrote to memory of 864	2532	Unicorn-1701.exe	Unicorn-1748.exe
PID 2532 wrote to memory of 864	2532	Unicorn-1701.exe	Unicorn-1748.exe
PID 2532 wrote to memory of 864	2532	Unicorn-1701.exe	Unicorn-1748.exe
PID 2532 wrote to memory of 864	2532	Unicorn-1701.exe	Unicorn-1748.exe
PID 2936 wrote to memory of 1328	2936	Unicorn-13953.exe	Unicorn-32475.exe
PID 2936 wrote to memory of 1328	2936	Unicorn-13953.exe	Unicorn-32475.exe
PID 2936 wrote to memory of 1328	2936	Unicorn-13953.exe	Unicorn-32475.exe
PID 2936 wrote to memory of 1328	2936	Unicorn-13953.exe	Unicorn-32475.exe
PID 2528 wrote to memory of 2192	2528	Unicorn-7326.exe	Unicorn-43335.exe
PID 2528 wrote to memory of 2192	2528	Unicorn-7326.exe	Unicorn-43335.exe
PID 2528 wrote to memory of 2192	2528	Unicorn-7326.exe	Unicorn-43335.exe
PID 2528 wrote to memory of 2192	2528	Unicorn-7326.exe	Unicorn-43335.exe
PID 2676 wrote to memory of 2580	2676	Unicorn-62002.exe	Unicorn-43335.exe
PID 2676 wrote to memory of 2580	2676	Unicorn-62002.exe	Unicorn-43335.exe
PID 2676 wrote to memory of 2580	2676	Unicorn-62002.exe	Unicorn-43335.exe
PID 2676 wrote to memory of 2580	2676	Unicorn-62002.exe	Unicorn-43335.exe
PID 1936 wrote to memory of 2588	1936	Unicorn-59625.exe	Unicorn-9916.exe
PID 1936 wrote to memory of 2588	1936	Unicorn-59625.exe	Unicorn-9916.exe
PID 1936 wrote to memory of 2588	1936	Unicorn-59625.exe	Unicorn-9916.exe
PID 1936 wrote to memory of 2588	1936	Unicorn-59625.exe	Unicorn-9916.exe

C:\Users\Admin\AppData\Local\Temp\19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe
"C:\Users\Admin\AppData\Local\Temp\19e2d1890e521fc882cd86864353395f52fbfa8ebd7ceb1d81f18ebd19678f38.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        12⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        13⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        14⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        15⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 220
        15⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        14⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        13⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        12⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53393.exe
        11⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        12⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        13⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        14⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        14⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        13⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        12⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        11⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        10⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        11⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58204.exe
        12⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23808.exe
        13⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        14⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 220
        14⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        13⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        12⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        11⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
        10⤵
        Program crash
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        9⤵
        Program crash
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19293.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31422.exe
        12⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        13⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 220
        13⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        12⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        10⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        9⤵
        Program crash
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        8⤵
        Program crash
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        11⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 224
        12⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        11⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
        10⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
        11⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        12⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        13⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        13⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        12⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 220
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29983.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
        11⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56427.exe
        12⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20958.exe
        13⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 236
        13⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
        12⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
        10⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 220
        9⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        8⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63336.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
        11⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        12⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
        13⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 236
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        12⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        11⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        10⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
        9⤵
        Program crash
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        8⤵
        Program crash
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        7⤵
        Program crash
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        9⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        9⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23294.exe
        8⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        10⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        11⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        12⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
        13⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 220
        13⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        12⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        11⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1670.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        9⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        8⤵
        Program crash
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24058.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62672.exe
        11⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        12⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        13⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 236
        13⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        12⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        11⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 240
        12⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 220
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48754.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21225.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        12⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        8⤵
        Program crash
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        7⤵
        Program crash
        
        PID:2312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        6⤵
        Program crash
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
        9⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        10⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        11⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        12⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        13⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        14⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        15⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
        15⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
        14⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        13⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        12⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
        11⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        11⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        12⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        13⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        13⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        12⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        11⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        10⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        9⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11042.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        11⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        12⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 236
        13⤵
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        12⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 236
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        10⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        9⤵
        Program crash
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        8⤵
        Program crash
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26497.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38308.exe
        11⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2104.exe
        12⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        13⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 204
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        9⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        7⤵
        Program crash
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28251.exe
        10⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        11⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63435.exe
        12⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 236
        13⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        12⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
        11⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
        12⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        13⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        12⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41261.exe
        11⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        12⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        13⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        12⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        9⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        8⤵
        Program crash
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
        9⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        11⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
        10⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        11⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        11⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:1740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        6⤵
        Program crash
        
        PID:2912
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1089.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        12⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        13⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        9⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17665.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        12⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27741.exe
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        12⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
        9⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        8⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45765.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44670.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        12⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        11⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42029.exe
        10⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
        11⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        9⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 220
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        7⤵
        Program crash
        
        PID:2840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        6⤵
        Program crash
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47244.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21261.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54208.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
        12⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        13⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        14⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
        14⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        13⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 220
        12⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 216
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38426.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9003.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        12⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        11⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28037.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        11⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        12⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        12⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
        9⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        8⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30799.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19398.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60150.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9356.exe
        11⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23532.exe
        12⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        12⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        11⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19573.exe
        12⤵
        
        PID:12868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        10⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        8⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
        7⤵
        Program crash
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
        11⤵
        
        PID:9932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        8⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        7⤵
        Program crash
        
        PID:3252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        6⤵
        Program crash
        
        PID:2884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        5⤵
        Program crash
        
        PID:1340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7918.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33622.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe
        12⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        13⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
        14⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        15⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
        15⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        14⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        13⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        12⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
        11⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-316.exe
        12⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        13⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe
        14⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        14⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
        13⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        12⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        11⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22007.exe
        10⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        11⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        12⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        13⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        14⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        14⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
        13⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        12⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 216
        11⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        10⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26008.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34089.exe
        10⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25594.exe
        11⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44338.exe
        12⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        13⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 208
        14⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        13⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        10⤵
        Program crash
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        9⤵
        Program crash
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        11⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        12⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
        13⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        14⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
        14⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        13⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        12⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        11⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        12⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62883.exe
        13⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
        13⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        12⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1971.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49906.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        12⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25608.exe
        13⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
        13⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        12⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        9⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        8⤵
        Program crash
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        11⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
        12⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        13⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        14⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 236
        12⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        11⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12085.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6050.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        11⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        9⤵
        Program crash
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45059.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        10⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        11⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
        12⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        13⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        8⤵
        Program crash
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        7⤵
        Program crash
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56647.exe
        10⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19180.exe
        11⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2729.exe
        12⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        13⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        14⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        14⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
        13⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
        12⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        11⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        10⤵
        Program crash
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20441.exe
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
        12⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
        13⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
        13⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        11⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        9⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23870.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        11⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14164.exe
        12⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        13⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
        13⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        9⤵
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        8⤵
        Program crash
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43767.exe
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
        11⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        12⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        12⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16553.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50812.exe
        11⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54959.exe
        12⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        10⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        7⤵
        Program crash
        
        PID:1604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        6⤵
        Program crash
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2319.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        10⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        11⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        12⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25997.exe
        13⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
        13⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        12⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23351.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        11⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
        13⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 236
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        12⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        9⤵
        Program crash
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16575.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20265.exe
        11⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        12⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        12⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
        9⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        8⤵
        Program crash
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25432.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18547.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47939.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        11⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        12⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        8⤵
        Program crash
        
        PID:3444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        7⤵
        Program crash
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41214.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18791.exe
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        11⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 236
        12⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        11⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        11⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        11⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
        10⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        11⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        6⤵
        Program crash
        
        PID:332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        5⤵
        Program crash
        
        PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4265.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15038.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        11⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
        12⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19448.exe
        13⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        13⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        12⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19995.exe
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36502.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        11⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 220
        12⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        9⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
        8⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        10⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        11⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63123.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
        10⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        11⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
        7⤵
        Program crash
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32226.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39206.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
        12⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
        13⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 236
        12⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63507.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1271.exe
        10⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
        11⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 220
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 220
        10⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3341.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53928.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        10⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
        11⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        8⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        Program crash
        
        PID:3332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        6⤵
        Program crash
        
        PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1912.exe
        11⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48716.exe
        12⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        8⤵
        Program crash
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        10⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23854.exe
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        11⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 236
        10⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        9⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        8⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        7⤵
        Program crash
        
        PID:3600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        6⤵
        Program crash
        
        PID:2924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Program crash
        
        PID:2844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1308
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
  2⤵
  - Program crash
  PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe

Filesize
184KB

MD5
223c02b372f6a082a15b6b1724f427f1

SHA1
bb7b96d0599aaff9f90e376444085168ef07e1c3

SHA256
b5b0c29a60a55be2cc66e71ccece67a55e19b718e5c1aefbb486cad9bbe1a7e3

SHA512
5f0ecf37dbd02269d91a5e52eba863318d903aa2d11cb08b8b37d18802a99a87b6391f6c9f00e4357c23ff1107382fa612c84c4fcdfdbd3cf6b5427e3d0ffbe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe

Filesize
184KB

MD5
155052240c91045276a846f2c403ae8f

SHA1
568d21c588b949cb5498ef28b20256e7483e73e8

SHA256
33df11fc6120606cbdac723e7c499f933df818952f94706e82ad23c163cbc0d9

SHA512
afd713c7875d24ddbc7b13b941a86fe40686007f98f71515823bf1ac56f1b6f0efecf9d42b202d2b92f9d213912bf1117cc19b94af47c0e78b716b3e08f46c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28462.exe

Filesize
184KB

MD5
16fc07bc26130a9b6fbc0b9f71267f82

SHA1
31ea796963beca15623fbb9bd601cd6c2fcc3c0d

SHA256
8521148aa755eb94a863b37e46b61f194803a4e70f2952ce5aafdf5f48022f99

SHA512
958548256fca4fc7ab6c54c7a3d09620d32d7c671cd08a7f5b5e55dcaa8b233eac13e2f59f26cfefd143c057473580157355925b380c04977572a78c71d495fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe

Filesize
184KB

MD5
24fad2facecca11737b655772913fa59

SHA1
d187687ad13c36a91076bc51e72acf1115a0d502

SHA256
622399d7024c2c493874158fbc04407573bc5b51cedc794e6f4f837f3b7200d3

SHA512
903ef85cd02483fd83959ffb1d171f0848714b8c41fec21b4698488838710566ff42223c8dd49dd56db1d5aa751288cac4e441511b0929444e2a134d9b91548c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe

Filesize
184KB

MD5
1a420a56be62ee43ebdc1e6ad78d010f

SHA1
d19b90371f193a4cefa2ff31f2018cbd1d294b88

SHA256
1221f974ceb9f7eff3cf251eac0a47207c3b6dfbe18b448ff6695196c2b90927

SHA512
15e9146288b1abfe4b91af73bf6520414e186cb8a5eda4e4445509bede6edcb130f2c0eb47209670549827d204052137cc0104284ecff7965967406346d30206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41354.exe

Filesize
184KB

MD5
b2858542c1066120607d790c477cdd7a

SHA1
359d382e7584547fcd759178e15be7ad2d9f6472

SHA256
699c7fa1980fd2e6a94755c07b3209e17a77664d0d406d16dca3eb160718f3eb

SHA512
19a91ccb16f5c22f746a4b7cfcc8fba28cac5241c71fd576ce51de55d54f45d11b97e64b207721495d44d008b17a746b086e3bf74122ddbcdc4131c1d172af6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe

Filesize
184KB

MD5
504a671a3ea96b25dcc76e36b9ea08d0

SHA1
de8359570b3e71660d775f13ab0d71cbfb3f7a15

SHA256
94e30a5f85cf5fe6548682f7af24a6caa4a7bf312174fde5f929f45f9953ff9f

SHA512
a8a1d0ff5c5e6e26dc501e737304d07f21f4300545ab944c4b70d20e5426e4676ab498152ff33069abc3022bfaeab01c3839d330fb2b409d684c279e68f1e107

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe

Filesize
184KB

MD5
13ad3d9bfbcc04a972b2eab4f75e1406

SHA1
7c05c192cceaa2b19be896b7decca851953ccc9a

SHA256
b6ecb3a38d6ca7eb4861d04e09da0cff9a261dbb57716d55f52b50ecd620aa91

SHA512
a4ee5a32984ae177ab479d34925993a786bae1795cb89ac36b4a163e57fc0ec075859fcb21b42cb30d17d89bb5cb8c03e39190e574c8495d7690dfe0d2baaf95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe

Filesize
184KB

MD5
416762f717f0daf5c80298917939037f

SHA1
1ca03f2db49c8d2621551b43ecac52d2a26f73bf

SHA256
877d2b30a20b8a49471937e556cb63528698d05e62b45c10f47f07afcacb32e5

SHA512
5525f1ab515db86abcae4dad34f664ff15f8ca0e7a852eb147e8c3ef2533e9382164f75dfc9a6564bdd267f3ec26320b476d4eee710896e83aebfe7727cb68ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6050.exe

Filesize
184KB

MD5
68a6038d638a6f2e752e29d0d6d44af5

SHA1
19be2eda3742db2396655eea468c98967ebfda98

SHA256
ac8d068781f2cc485e9dda03b7669629ee87edec5db39dd225cb3d08b4b6e529

SHA512
3cdfd075eb21f6c08e804cfcdf766996e096f74aa6c42626cd1938ce03c006fe2e39bd1a1c933d6c420aeb182a1200548b4be68f454fffab97c3fdb374aba952

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe

Filesize
184KB

MD5
aa5b2223bdad08637f3d8e24551c4878

SHA1
0e930b2306ba958366da5454f21b93fb752add98

SHA256
303176530f6225c181115fc2f52803aa217f969a23f2334ccb1d9e590f6888c3

SHA512
bb93a35af7c54375a6ddb08cdd55f05a2cccc15f57587436a150620b1631bb24fd01f28619482634cf093334dcb2e6e9c479dc4dfbb31c15eadc6e1f72a5e57e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe

Filesize
184KB

MD5
ca08fe99e0e682b54721ddb04d3751e0

SHA1
034307e264926404679c5beaa69ecd17dd2f1047

SHA256
8a7958a5485c1a9c52406b59c09a27d7f0d35264f33548979066bed1cf4bd06a

SHA512
03e60837f685cc772a6b13aca2688ac66b970a21cde5915353a37b6a8ad64bafc43a36d0c6d87cedc4f6a307f4a670b6ad1fb83070a3fbe7bedb72ea8e4e369f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe

Filesize
184KB

MD5
0073727d43a5faf365b07dda9c5dde68

SHA1
85d961d3f7d3c0676f0e78878da347728dd92f4c

SHA256
a77324eadf025d813075f728c45bcffd200f2cf1f6ce1ef1d626c71e40315a31

SHA512
4598b0d9039c0495fbab3a8528117c0db7a81177e4e2b019eca11445ea6af89c5cbf747bae77957e60ce92dd6cc686adc2aabb336fbc211d34a5c62b4c0b9d2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe

Filesize
184KB

MD5
9eaecce3e3133d9f0323658f7f66bf00

SHA1
e9c1aa776184bcdc706bc8114ea6605a98b6bd9b

SHA256
1d8084213c335bc9669c4923dfb9e15156af05f846cbb559c4375d60f3a2c2f1

SHA512
63c7931465f81b9d68694771496bb35a43b4cfda16d4505c773a1fe42f1fae5516305d34ab2abcddad6237d7f114671ece5265a0e424cffe3b7df08a8fc17c71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe

Filesize
184KB

MD5
0d15b742fa485bf07edb2a6e42a18a74

SHA1
f259be0c7e2009e64f8ba46d1170dc6c96094aae

SHA256
44d0f648a6ff7b90a78b35f1cac291a0e319c4eec0041c08c96755499bb3357b

SHA512
ea7f0fca54c27ce7c6c5be554d5d8c277da548b8fa72d41f5f56965a52761ad7b1fcef48483ae4a1e5d6a17c47fe389d44c0bd88a712c5cac2dd1cc8595bc759

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe

Filesize
184KB

MD5
c40c4d3a8be00a21d1401482585d972e

SHA1
bd5179d5e618f9616c585b2d7eb0ff3ba477c41d

SHA256
ea05d0979f4ff365b310cd5e31b79bcfb8acee8f6b4c2dc11f4cbafa2b824701

SHA512
d3c458212f9ac3416494005fd3cd4983da56e7c6d6d34dcb9e0e61c055c0625cdd8d8cbec9474c4cd858efedb7505d24a26ca815db33d54a9aba64279bbd4c9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe

Filesize
184KB

MD5
00122317143240f53dc09af78d045a93

SHA1
ce42839fcc65c9f588d9be501bdfa86edf361894

SHA256
1b1cfad1bbaaf10154021a0938eb460f74c26c08d90debcd5d72adf2a433ac67

SHA512
1937af6bb69d5164f962749baf6a91c65cc4c17a4eee82b6f46e4befa36571e1fd790513ce191b793541be49114c46a06aa46d8de2667b1b4b2339d6632b2615

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe

Filesize
184KB

MD5
63adfe89a3270b99ff17ca4021ab5c1e

SHA1
28ae42fea610fd19a64d38a8f438a020636c44e9

SHA256
67350893294dbc5145690984cb15479d968d191c78978c2e61df536b65337503

SHA512
f16e1e7304f939fefcd0e764172e3203cdf95abda236f5fb59792c1e49918f54ddbc0f0d52ca126e72f87d616e73cd2d7289782c290c3dbf3431f1b8a8e0786b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59625.exe

Filesize
184KB

MD5
d531cbf639cf222f149d48752b315b74

SHA1
83d681eda3634bc10fd92c8af22252734f7872cf

SHA256
59e69e78ee24a39a6e98e841fd149007c3f19e1667210b3137a18eec5d1171e4

SHA512
d5c186c0fd4bc5f95f7e21c46a3942293a0cb1ddd26d535ad419633605e5932858c9c3bf19886ec6a53b79c0194a568a4e18799f4e3dbfb66e40a153e4f853ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62002.exe

Filesize
184KB

MD5
2eb92159a6fa96a582f98f68942f6a3c

SHA1
47be260fb67bf9db53ab1d15cfadd194c27db1b9

SHA256
4b2dbb9599c60f211a7b2a0ec2517d11ee96f0f430a614abb483e4409cf9dc36

SHA512
be0387ddc6069e7ba05fb8a7883ed630afe4fe3ff86b0436ada3c3d338a82d599e51e1cce860b028d26af74387fad244b78e98f87a52c96a4005d56ca03ab7b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe

Filesize
184KB

MD5
9b25400597a0e4dc6ca2dd92a0f38dfe

SHA1
44d0425938b8fec692d35b0db7a8495f6123e958

SHA256
bdc990b40d9d804ca631ffca49ba18b6f990c601b5c552ed5ad9936e6669ac8f

SHA512
1f71e9e971cbc328c7c83a83b6ab5abfae29c5fefb5720e617b4a2880c7fb6ee9cd60d8fc97ea8fc2fcb10a39d17efd459f78c0b042c9418caa837792f49fb07

Download Submit