de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
Size

184KB
MD5

5a1ffaf28007a189c9c6d9054edb4223
SHA1

de82496346610360b9815192c7c3ab741d7dac05
SHA256

de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59
SHA512

5d2a319ae7f34864fc794ceb081d7feca62883fb4356b638e2683ceef220d9789d9ca8d6b7381732442393699abbb652686e0131cdaec5f5a384e060f174dfe1
SSDEEP

3072:MRSPxvo8d/fjdRjoecmLplJ/IK02Pmgg+PKd569UlAhlnVOFq:MR8ooZRjTL3J/IqfLXhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1076	Unicorn-6688.exe
1716	Unicorn-4073.exe
2532	Unicorn-49745.exe
2576	Unicorn-12926.exe
2476	Unicorn-42453.exe
2832	Unicorn-62319.exe
2948	Unicorn-28389.exe
1652	Unicorn-44533.exe
1264	Unicorn-44533.exe
932	Unicorn-24667.exe
380	Unicorn-44839.exe
2828	Unicorn-15696.exe
2964	Unicorn-14927.exe
2068	Unicorn-30195.exe
2936	Unicorn-60599.exe
1684	Unicorn-11590.exe
844	Unicorn-63251.exe
2748	Unicorn-60527.exe
1148	Unicorn-44191.exe
1452	Unicorn-60013.exe
2064	Unicorn-309.exe
1660	Unicorn-45919.exe
1620	Unicorn-61741.exe
1732	Unicorn-32790.exe
1112	Unicorn-65462.exe
900	Unicorn-45597.exe
2100	Unicorn-48550.exe
2988	Unicorn-28684.exe
2044	Unicorn-7185.exe
1696	Unicorn-2203.exe
2168	Unicorn-56002.exe
2868	Unicorn-19800.exe
2256	Unicorn-39666.exe
2864	Unicorn-11700.exe
2620	Unicorn-40843.exe
2512	Unicorn-529966157233464.exe
2448	Unicorn-41035.exe
1196	Unicorn-43989.exe
1984	Unicorn-44181.exe
2136	Unicorn-44181.exe
2176	Unicorn-44181.exe
936	Unicorn-38186.exe
1280	Unicorn-63013.exe
1828	Unicorn-25188.exe
940	Unicorn-10667.exe
1632	Unicorn-16688.exe
2332	Unicorn-53937.exe
2060	Unicorn-32448.exe
268	Unicorn-61783.exe
1900	Unicorn-45639.exe
1552	Unicorn-563444359645269.exe
776	Unicorn-103134967171435.exe
1844	Unicorn-63475.exe
272	Unicorn-31872.exe
2920	Unicorn-61207.exe
2152	Unicorn-49827.exe
3056	Unicorn-31030.exe
3044	Unicorn-34368.exe
1820	Unicorn-50128.exe
2556	Unicorn-65395.exe
2664	Unicorn-29385.exe
2616	Unicorn-32915.exe
2444	Unicorn-45722.exe
2736	Unicorn-50.exe

Loads dropped DLL 64 IoCs

pid	Process
2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
1076	Unicorn-6688.exe
2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
1076	Unicorn-6688.exe
2532	Unicorn-49745.exe
2532	Unicorn-49745.exe
1076	Unicorn-6688.exe
1716	Unicorn-4073.exe
1076	Unicorn-6688.exe
1716	Unicorn-4073.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2576	Unicorn-12926.exe
2576	Unicorn-12926.exe
2832	Unicorn-62319.exe
2476	Unicorn-42453.exe
2832	Unicorn-62319.exe
2476	Unicorn-42453.exe
1716	Unicorn-4073.exe
1716	Unicorn-4073.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2436	WerFault.exe
2576	Unicorn-12926.exe
2948	Unicorn-28389.exe
2576	Unicorn-12926.exe
2948	Unicorn-28389.exe
2476	Unicorn-42453.exe
1652	Unicorn-44533.exe
1652	Unicorn-44533.exe
1264	Unicorn-44533.exe
1264	Unicorn-44533.exe
2476	Unicorn-42453.exe
2832	Unicorn-62319.exe
932	Unicorn-24667.exe
2832	Unicorn-62319.exe
932	Unicorn-24667.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
584	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2660	2356	WerFault.exe	27
2508	1076	WerFault.exe	28
1208	2532	WerFault.exe	30
2436	1716	WerFault.exe	29
1028	2576	WerFault.exe	32
592	2832	WerFault.exe	34
584	2476	WerFault.exe	33
892	2948	WerFault.exe	36
2148	1652	WerFault.exe	38
3040	2044	WerFault.exe	64
2372	1264	WerFault.exe	37
2328	932	WerFault.exe	39
2760	380	WerFault.exe	42
1464	2828	WerFault.exe	43
1580	2964	WerFault.exe	45
2116	2936	WerFault.exe	44
1248	1684	WerFault.exe	47
1488	844	WerFault.exe	48
828	2068	WerFault.exe	46
2028	1148	WerFault.exe	53
696	1452	WerFault.exe	54
448	1660	WerFault.exe	56
2112	2064	WerFault.exe	55
1144	1620	WerFault.exe	57
328	1732	WerFault.exe	58
1200	1112	WerFault.exe	59
1856	2988	WerFault.exe	62
2892	900	WerFault.exe	60
2908	2100	WerFault.exe	61
1964	2556	WerFault.exe	106
2296	2736	WerFault.exe	109
804	1696	WerFault.exe	67
2012	2168	WerFault.exe	70
2568	2868	WerFault.exe	72
1816	2256	WerFault.exe	71
2880	1196	WerFault.exe	77
1868	2448	WerFault.exe	76
3124	2176	WerFault.exe	79
3140	1280	WerFault.exe	82
3148	1984	WerFault.exe	78
3340	1828	WerFault.exe	83
3448	2748	WerFault.exe	52
3472	2620	WerFault.exe	74
3708	2136	WerFault.exe	80
3728	2512	WerFault.exe	75
3736	936	WerFault.exe	81
3796	2864	WerFault.exe	73
3844	940	WerFault.exe	84
3364	2060	WerFault.exe	91
3932	3056	WerFault.exe	103
3980	2616	WerFault.exe	108
3084	2684	WerFault.exe	114
3116	1668	WerFault.exe	112
3308	2152	WerFault.exe	102
3320	268	WerFault.exe	92
3396	1820	WerFault.exe	105
3408	2664	WerFault.exe	107
3492	776	WerFault.exe	98
3752	1632	WerFault.exe	88
3564	1900	WerFault.exe	94
3672	292	WerFault.exe	118
3860	2920	WerFault.exe	101
3224	3044	WerFault.exe	104
3284	3052	WerFault.exe	127

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
1076	Unicorn-6688.exe
2532	Unicorn-49745.exe
1716	Unicorn-4073.exe
2576	Unicorn-12926.exe
2476	Unicorn-42453.exe
2832	Unicorn-62319.exe
2948	Unicorn-28389.exe
1652	Unicorn-44533.exe
1264	Unicorn-44533.exe
932	Unicorn-24667.exe
380	Unicorn-44839.exe
2828	Unicorn-15696.exe
2964	Unicorn-14927.exe
2936	Unicorn-60599.exe
2068	Unicorn-30195.exe
844	Unicorn-63251.exe
1684	Unicorn-11590.exe
2748	Unicorn-60527.exe
1148	Unicorn-44191.exe
1452	Unicorn-60013.exe
2064	Unicorn-309.exe
1660	Unicorn-45919.exe
1620	Unicorn-61741.exe
1732	Unicorn-32790.exe
1112	Unicorn-65462.exe
2988	Unicorn-28684.exe
900	Unicorn-45597.exe
2100	Unicorn-48550.exe
1696	Unicorn-2203.exe
2168	Unicorn-56002.exe
2868	Unicorn-19800.exe
2256	Unicorn-39666.exe
2864	Unicorn-11700.exe
2512	Unicorn-529966157233464.exe
2620	Unicorn-40843.exe
2448	Unicorn-41035.exe
1196	Unicorn-43989.exe
936	Unicorn-38186.exe
2136	Unicorn-44181.exe
2176	Unicorn-44181.exe
1984	Unicorn-44181.exe
1828	Unicorn-25188.exe
1280	Unicorn-63013.exe
940	Unicorn-10667.exe
1632	Unicorn-16688.exe
2332	Unicorn-53937.exe
2060	Unicorn-32448.exe
268	Unicorn-61783.exe
1900	Unicorn-45639.exe
1552	Unicorn-563444359645269.exe
776	Unicorn-103134967171435.exe
1844	Unicorn-63475.exe
2152	Unicorn-49827.exe
2920	Unicorn-61207.exe
272	Unicorn-31872.exe
3056	Unicorn-31030.exe
3044	Unicorn-34368.exe
2556	Unicorn-65395.exe
1820	Unicorn-50128.exe
2664	Unicorn-29385.exe
2444	Unicorn-45722.exe
2616	Unicorn-32915.exe
2736	Unicorn-50.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1076	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	28
PID 2356 wrote to memory of 1076	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	28
PID 2356 wrote to memory of 1076	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	28
PID 2356 wrote to memory of 1076	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	28
PID 2356 wrote to memory of 2532	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	30
PID 1076 wrote to memory of 1716	1076	Unicorn-6688.exe	29
PID 1076 wrote to memory of 1716	1076	Unicorn-6688.exe	29
PID 2356 wrote to memory of 2532	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	30
PID 1076 wrote to memory of 1716	1076	Unicorn-6688.exe	29
PID 2356 wrote to memory of 2532	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	30
PID 1076 wrote to memory of 1716	1076	Unicorn-6688.exe	29
PID 2356 wrote to memory of 2532	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	30
PID 2356 wrote to memory of 2660	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	31
PID 2356 wrote to memory of 2660	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	31
PID 2356 wrote to memory of 2660	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	31
PID 2356 wrote to memory of 2660	2356	de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe	31
PID 2532 wrote to memory of 2576	2532	Unicorn-49745.exe	32
PID 2532 wrote to memory of 2576	2532	Unicorn-49745.exe	32
PID 2532 wrote to memory of 2576	2532	Unicorn-49745.exe	32
PID 2532 wrote to memory of 2576	2532	Unicorn-49745.exe	32
PID 1076 wrote to memory of 2476	1076	Unicorn-6688.exe	33
PID 1076 wrote to memory of 2476	1076	Unicorn-6688.exe	33
PID 1076 wrote to memory of 2476	1076	Unicorn-6688.exe	33
PID 1076 wrote to memory of 2476	1076	Unicorn-6688.exe	33
PID 1716 wrote to memory of 2832	1716	Unicorn-4073.exe	34
PID 1716 wrote to memory of 2832	1716	Unicorn-4073.exe	34
PID 1716 wrote to memory of 2832	1716	Unicorn-4073.exe	34
PID 1716 wrote to memory of 2832	1716	Unicorn-4073.exe	34
PID 1076 wrote to memory of 2508	1076	Unicorn-6688.exe	35
PID 1076 wrote to memory of 2508	1076	Unicorn-6688.exe	35
PID 1076 wrote to memory of 2508	1076	Unicorn-6688.exe	35
PID 1076 wrote to memory of 2508	1076	Unicorn-6688.exe	35
PID 2576 wrote to memory of 2948	2576	Unicorn-12926.exe	36
PID 2576 wrote to memory of 2948	2576	Unicorn-12926.exe	36
PID 2576 wrote to memory of 2948	2576	Unicorn-12926.exe	36
PID 2576 wrote to memory of 2948	2576	Unicorn-12926.exe	36
PID 2832 wrote to memory of 1264	2832	Unicorn-62319.exe	37
PID 2832 wrote to memory of 1264	2832	Unicorn-62319.exe	37
PID 2832 wrote to memory of 1264	2832	Unicorn-62319.exe	37
PID 2832 wrote to memory of 1264	2832	Unicorn-62319.exe	37
PID 2476 wrote to memory of 1652	2476	Unicorn-42453.exe	38
PID 2476 wrote to memory of 1652	2476	Unicorn-42453.exe	38
PID 2476 wrote to memory of 1652	2476	Unicorn-42453.exe	38
PID 2476 wrote to memory of 1652	2476	Unicorn-42453.exe	38
PID 1716 wrote to memory of 932	1716	Unicorn-4073.exe	39
PID 1716 wrote to memory of 932	1716	Unicorn-4073.exe	39
PID 1716 wrote to memory of 932	1716	Unicorn-4073.exe	39
PID 1716 wrote to memory of 932	1716	Unicorn-4073.exe	39
PID 2532 wrote to memory of 1208	2532	Unicorn-49745.exe	40
PID 2532 wrote to memory of 1208	2532	Unicorn-49745.exe	40
PID 2532 wrote to memory of 1208	2532	Unicorn-49745.exe	40
PID 2532 wrote to memory of 1208	2532	Unicorn-49745.exe	40
PID 1716 wrote to memory of 2436	1716	Unicorn-4073.exe	41
PID 1716 wrote to memory of 2436	1716	Unicorn-4073.exe	41
PID 1716 wrote to memory of 2436	1716	Unicorn-4073.exe	41
PID 1716 wrote to memory of 2436	1716	Unicorn-4073.exe	41
PID 2576 wrote to memory of 380	2576	Unicorn-12926.exe	42
PID 2576 wrote to memory of 380	2576	Unicorn-12926.exe	42
PID 2576 wrote to memory of 380	2576	Unicorn-12926.exe	42
PID 2576 wrote to memory of 380	2576	Unicorn-12926.exe	42
PID 2948 wrote to memory of 2828	2948	Unicorn-28389.exe	43
PID 2948 wrote to memory of 2828	2948	Unicorn-28389.exe	43
PID 2948 wrote to memory of 2828	2948	Unicorn-28389.exe	43
PID 2948 wrote to memory of 2828	2948	Unicorn-28389.exe	43

C:\Users\Admin\AppData\Local\Temp\de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe
"C:\Users\Admin\AppData\Local\Temp\de45f942f05e1e2233584875607ddd390dcdd63c331da8f6c7b6ec76d2505b59.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 220
        10⤵
        Program crash
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33822.exe
        11⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        12⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        13⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2185.exe
        14⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        14⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        13⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        11⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        10⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        9⤵
        Program crash
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 320
        8⤵
        Program crash
        
        PID:1200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        7⤵
        Program crash
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52456.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        11⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22736.exe
        12⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49984.exe
        13⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
        14⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
        14⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        13⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        12⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        11⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64574.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
        11⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53936.exe
        12⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 236
        13⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 220
        12⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        11⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52337.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        11⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27722.exe
        12⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        13⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 220
        13⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
        12⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        11⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        8⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37779.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51658.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40473.exe
        13⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        12⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        8⤵
        Program crash
        
        PID:3084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        7⤵
        Program crash
        
        PID:2892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        6⤵
        Program crash
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
        10⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        12⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        13⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5496.exe
        14⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 220
        14⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        13⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        11⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42684.exe
        11⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
        12⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
        13⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        12⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        9⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        12⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41795.exe
        13⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
        13⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
        9⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        8⤵
        Program crash
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
        7⤵
        Program crash
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        11⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40083.exe
        12⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        13⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 220
        13⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 220
        12⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
        11⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
        9⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
        10⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        11⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26936.exe
        12⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        8⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        7⤵
        Program crash
        
        PID:3736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        6⤵
        Program crash
        
        PID:1248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25188.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65395.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 220
        9⤵
        Program crash
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18864.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        11⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28957.exe
        12⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56690.exe
        13⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
        13⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
        12⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        8⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        12⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        13⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
        13⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        Program crash
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51235.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12398.exe
        11⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61245.exe
        12⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        13⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        13⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        12⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        11⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        10⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        11⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28975.exe
        12⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 236
        12⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        11⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35315.exe
        10⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34032.exe
        11⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        12⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
        12⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        11⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        10⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        7⤵
        Program crash
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        6⤵
        Program crash
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18969.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        11⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        12⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        13⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        12⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        9⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2866.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
        10⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        11⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
        12⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
        12⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        7⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        10⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33456.exe
        11⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        12⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
        12⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        9⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29705.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        10⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        11⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
        11⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        10⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        9⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        8⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 220
        7⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 220
        6⤵
        Program crash
        
        PID:1856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
        5⤵
        Program crash
        
        PID:2328
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529966157233464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529966157233464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563444359645269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563444359645269.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452481796188567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452481796188567.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411105170042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411105170042.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563706249103510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563706249103510.exe
        11⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368127201689149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-368127201689149.exe
        12⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-479648462656764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-479648462656764.exe
        13⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-265422885815646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-265422885815646.exe
        14⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
        14⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        13⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        12⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        11⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139179686274001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-139179686274001.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-152644555448474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-152644555448474.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361422831558180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-361422831558180.exe
        11⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104421976537702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104421976537702.exe
        12⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153395305228765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-153395305228765.exe
        13⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
        13⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        12⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        10⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280739668101857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280739668101857.exe
        8⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164281177042981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-164281177042981.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317338106087616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317338106087616.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180762753614947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180762753614947.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391313148392083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391313148392083.exe
        12⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143976014380698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143976014380698.exe
        13⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        13⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        12⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 216
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103134967171435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103134967171435.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315312827610552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-315312827610552.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223311060930497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223311060930497.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-404861563031750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-404861563031750.exe
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-246767626740281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-246767626740281.exe
        11⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457658477813130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-457658477813130.exe
        12⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369166029873505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369166029873505.exe
        13⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 220
        13⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        12⤵
        
        PID:10148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
        8⤵
        Program crash
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        7⤵
        Program crash
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40786.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        11⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37566.exe
        12⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        13⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 236
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        12⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        11⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26520.exe
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        12⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        8⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21160.exe
        9⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        11⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40936.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        13⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 236
        12⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        Program crash
        
        PID:1868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        6⤵
        Program crash
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32809.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        10⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45652.exe
        11⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        12⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10375.exe
        13⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 236
        13⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        12⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21210.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
        12⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
        13⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        9⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30540.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43764.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26581.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        11⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32991.exe
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 224
        13⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        12⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        8⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        7⤵
        Program crash
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2248.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44303.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        11⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        12⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        12⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        11⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 236
        10⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        8⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        6⤵
        Program crash
        
        PID:1144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        5⤵
        Program crash
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18393.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51600.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15356.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        12⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34292.exe
        13⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        12⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
        11⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34432.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        11⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 220
        12⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        11⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        9⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32134.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
        11⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        12⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        11⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        10⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
        8⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        7⤵
        Program crash
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31336.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62180.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
        10⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        11⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        8⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        7⤵
        Program crash
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        6⤵
        Program crash
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63475.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34496.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20899.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33840.exe
        11⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        12⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
        12⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 236
        10⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29321.exe
        7⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        8⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55713.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33962.exe
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        9⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        8⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        7⤵
        
        PID:4188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        6⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51216.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        10⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49975.exe
        11⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        10⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        9⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        8⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        7⤵
        
        PID:5052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        6⤵
        Program crash
        
        PID:3472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        5⤵
        Program crash
        
        PID:2116
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        12⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
        13⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
        14⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
        14⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        13⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        12⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        10⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
        9⤵
        Program crash
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        8⤵
        Program crash
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13406.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        11⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10092.exe
        12⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        13⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        14⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        13⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        12⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        11⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        10⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21594.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15575.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7365.exe
        12⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 236
        12⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        11⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        9⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        8⤵
        Program crash
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        7⤵
        Program crash
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7722.exe
        11⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53891.exe
        12⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        13⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        14⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        13⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20430.exe
        11⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        12⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        13⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        13⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        12⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        8⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30853.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47039.exe
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5994.exe
        10⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15022.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-126.exe
        12⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        13⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        10⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        8⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 220
        7⤵
        Program crash
        
        PID:2568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        6⤵
        Program crash
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2824.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        10⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
        12⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11847.exe
        13⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        13⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        12⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        11⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        10⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44442.exe
        11⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        11⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        10⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34014.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        11⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        8⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        Program crash
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47892.exe
        10⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
        11⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58323.exe
        12⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
        12⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 236
        11⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        8⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
        7⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        6⤵
        Program crash
        
        PID:696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        5⤵
        Program crash
        
        PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7185.exe
        6⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 148
        7⤵
        Program crash
        
        PID:3040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        6⤵
        Program crash
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33302.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        11⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
        12⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        13⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 220
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        8⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        10⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        11⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
        11⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        10⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        9⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        8⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
        7⤵
        Program crash
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        6⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17816.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54467.exe
        10⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
        11⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        12⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
        13⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 236
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        11⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        9⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        7⤵
        
        PID:4068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        6⤵
        Program crash
        
        PID:804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        5⤵
        Program crash
        
        PID:2760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1208
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
  2⤵
  - Program crash
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe

Filesize
184KB

MD5
56a29fc42329313d883f103f815e6b1c

SHA1
63e0bc7a2a6b4024ab9d0e91af1c832708e39676

SHA256
566bbd61c1209120b4e5c3c2e92f1338686286b83ee74f3ecb64d839b47006ed

SHA512
c10d08cb1bd8845d0418374017223f214155d871b87c573386ec6db1c0685fcafcb51b6dcbca37085f80e4bcca03d120aecd251d324eedb23526e57007f73f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe

Filesize
184KB

MD5
d77a32e923b3411aa625999013d66651

SHA1
ea4c4fed268a7fa4ac85cf073f84c479a7e46c67

SHA256
b62b83ee851534a1b39695f7e943fcf9ea40065ba686ae7ae42ad6dc1992141d

SHA512
a9ca519228ec46ee59f03bb34b6181251c97f654490d1b77969c6850dff47c476b75c398a7be975356028154d224508f0289e7bdeae1d64c27373e3fdf9c280b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe

Filesize
184KB

MD5
445fba9e4692419b2924a3c78b52b774

SHA1
c0b95401a9be9b52b5c241db9242ce561bd1ae9d

SHA256
a87a70611f3fc6da2e992df4a0919f0fa752dad813c1b6c541d826a109d7e246

SHA512
daae63ca15f1cc02f6f3693f7b174d27ee699724320b0157985ac0f833e4896210556dc5e810020a7b15d8242d37d44e10ef69bbf63a0ed16b8f22b0d86f5aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe

Filesize
184KB

MD5
f4e325e377abb698ed3b5a718902bb22

SHA1
a2e9a1f80f7e182c86b4a4738b6543105c7bf84f

SHA256
4015ec50255d0f3e37ba182b69d1b6c076984a86a5438ebfcc48718623d3bcff

SHA512
a5e42002116966e78dfc5527e9e91ad10a2073cd28ff1e023bea8672d30e2eb11000b9f04df2cc4d3378dd70676ce1f6a5eeec88f634d98fccc0c69d8eba0832

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe

Filesize
184KB

MD5
e87c9afe25d4d45bba1d5e6b93c857b6

SHA1
2ce686a87f9afb51a014ce70a996fee5d0a476e7

SHA256
789bce64ebebf4bb3a9533bb0459385b7dfea7e8e83bbd15ce9fbb9ff749cca6

SHA512
1722dcf66957b7ace33f801ab59a47c54c18a9d854838f2bfe9f3dc3b608e76f1ea2e3c22e51eecb211af92df8b7abfe84b54d744f43d1cf3559ed6d428aa984

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe

Filesize
184KB

MD5
9df9de7e139061caec3b58b34baf28a8

SHA1
24041f79466f524c9d71ed5ac13a57c9ec36daa3

SHA256
d996db476419523eb7588f6fa30c5de912dfcad9ac53158cae21671c50f16c4f

SHA512
de9fefcc4fcb6e149bf1f92557f92084a0216e1582be63934e472425ababab9c13d04641c3a2eb7c249c31f99a6133577ac9c0b01504bd9380cb722a636b01cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe

Filesize
184KB

MD5
0d8b26143970a55d739f1d38d0a9903a

SHA1
e56540c00d58b93ae12f89dd6e79ccb046a1d277

SHA256
43041c605ca8f65c58587dd2d1ea4b2d68cf77041afe3c317e99d491a7420444

SHA512
f86af6bed6d4c6d0f38fbe80c170c68cb0695c721ada9ad7278ee93e0e9c2ccc97ca6457f35c924a86b8949f978ebe5d821b5c99f4350ebac193ad5eb4e67409

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe

Filesize
184KB

MD5
11832f9e41b514ddd724e5c36551570b

SHA1
7a87c89dbb0cd136090d567ed3ed2d3ff6db6c45

SHA256
369a011be189589920340698ada60fb8f91b410f77e5c4aab95cc011285b1e9e

SHA512
19442a9d9bdbc6d4d9691fb74e70793390bc853a3008a46defc02ff8225b3e9868314f6cc1ef3b75d2b0c6caf01c60582947103fbf89b99dc6fc6065f9c28b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe

Filesize
184KB

MD5
d3e44f285139804f8b7601a4d2223f33

SHA1
a2c0048c7782f65850dd10bb35eccfa757678724

SHA256
d767f2ce21bf906fed6ada97a26619409ea204cba2468c28ce5d539d54194634

SHA512
0670a5505699e5dd61bc9951dd88ba1f5fc0480b659713744ec59fb90ad3ff55bb8d86caef1617593c82e1ae820895c6de5368b62d415bd59a6b4760cde4c8ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe

Filesize
184KB

MD5
948af2af870c92442def9ceae9561d0f

SHA1
082ff4c0fe3aee8a6828f58fc621f1cb98cd73cb

SHA256
e134036d2bb76c044189ac6e9092f0fd9f1500bc69c4a67a58127a5fdd94a7b6

SHA512
dec253a99977d255575df594d37256d8160af34616286a2030e595fb8d707b5ff69b17d830e7aec00e9ddcf13112565c74260c91e6755c5b58f12246667f0cc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe

Filesize
184KB

MD5
461ccf96472ff34d422ed5ddce5fdfd9

SHA1
6025f5f8b91ec1eaa1ee2e5ca5725ee2dd10da9e

SHA256
2ba61d9896680b1fa68e499ada1e3284c5ea15186546e22451554e9661560319

SHA512
caee3220a8f73b45121b312c31cb73ba8b840ef0f7a94069de61108aecc1821d9e0c1b77642d3fce05128bca1ec3889dc03c42df02fb5a1281e3b56797bea9f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe

Filesize
184KB

MD5
acebc01dae9edc73af4afbf774b87080

SHA1
a7650f47d8159f3696da888d20904601acd7104b

SHA256
b6ecf2975c09d6870bcc236ef448d4a1f61a4cd05ff66959c487de5f919763ff

SHA512
dac5bb24f1b44705d9b87d7e266269a20857175f06a86bd8024757fe25398157b7b5d31c55a56ee1f7d1cad4e29ca5548fde25366b397097d538063d9ee81303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe

Filesize
184KB

MD5
3ed80218b0a6ee9ef1ba5a3e97e39ff9

SHA1
c90b1eaee5cd5c26a9dbdd778e105116cf03acd3

SHA256
f52da402f49bcd0f4d225098661c4c11b5321cf8bf61bf247dd186db30550398

SHA512
ac87f31db787cb6f5fb54a6a1bf5b390bcd6283c5a84a0688e86f25e5df009715266b5add7e7a0245798deddccd781bf9557c30a938c9f6545f152bf2845b475

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe

Filesize
184KB

MD5
48ee2264ca588800c0e9381ae547307e

SHA1
b06d535cba7680b0a3a4cd8791400782a93ba158

SHA256
416e488af6d3081bd7f03c1c289d2a526eb53fb41c1632cb199b4609e8ff43d4

SHA512
55f661d3ed93702275306ae114801bafda5063c2a94b453ee0138a51b6816bea79fec36f0111e86b4013b0b63361f5a2d235fa6bef3b67d4f3ef6a62b849a776

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe

Filesize
184KB

MD5
2e2cde3385830f14d87010e9f6289680

SHA1
fc562b6655e4e42e1ce378cade4c2e0f7e2e331b

SHA256
3c6ddca1e73e1a375dcc7560e2b699d1fd3e95005a33691e502c4fff10a73736

SHA512
e0b264ff659b74ec34868bd2cdc3ec256d9f9f60905b9fe754f73e9fad8683d5a0004e72038050d322afc213c4b4ec2d9aa0de156524dadb8d50e57e625d3f07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49745.exe

Filesize
184KB

MD5
083771f043e493347329fbff3a7d93af

SHA1
2723dfd1d51b4ec2ed35d0654eabda3db7418d20

SHA256
234d55aaa6ec5af8f09657cd526644d521dc3e4d364c3085d55c8dc47abb446d

SHA512
affaf07a3f2c2d0aed8bf480b7f0ee12abc809f73437eb54d1d0167fcebddac5bb9f4161cf02ec077ecedeaa512f9a6f76f4477e8fb832320e78d46a4d6b9ee4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe

Filesize
184KB

MD5
a4c6736378954eb6b203fe130cd73c04

SHA1
48ad588b50dd6189f0fe61d45c2084751a8f112a

SHA256
73737cc07c90993f7a91a3b4711962022b9a1f3e4468675cceb51386a394056d

SHA512
06449e7686ff41497042c71cc883977157a6f5d8f10c3162401bfacef4c25a29d378209c4e348cc5ff6cbb29897fb5ae06cfd70e89790fac04207f351c40131f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe

Filesize
184KB

MD5
6d3fddcf9282164a2d0a4a9a8e0ea573

SHA1
00f59301a2d58091c282b38615d5c31d641bae0b

SHA256
2f6029cd090826a42b932aa138929e7c43881d58e4d353e95884bf8902b30197

SHA512
ab1abd3980906d7f4f4111dcf7223e919d238afc5f04daf76bd447bcd40b8bc35c04aeeaad23a6ace79b3e7b9eb55045a7482cd827381b26624033940d5c7975

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads