2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
Size

184KB
MD5

b794e3070dc0fc7378b26542f2aa1624
SHA1

8b91febdec16b1f11d49171a25675f186abc9761
SHA256

2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528
SHA512

729b864e3949b398763e3521ccda1c78a8009af9d4046062bf84224d5b2db1e13059ba749db56ec654ade6dd9f6b54965ebd4b46d587e924052f7a3d8591ae6a
SSDEEP

1536:W7Sy6oZAW3yxoPF1t+pAoawM1Lvy2Zclzmd865LR2VhntQGl5hj5VizpvA:Ayu3yxoN7+p0d1LPee5LRwtQGlnniFI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3036	Unicorn-22067.exe
2676	Unicorn-33010.exe
2876	Unicorn-52876.exe
2936	Unicorn-17080.exe
2460	Unicorn-23856.exe
2532	Unicorn-43722.exe
2720	Unicorn-13078.exe
2772	Unicorn-50582.exe
984	Unicorn-8994.exe
1744	Unicorn-8994.exe
1572	Unicorn-44360.exe
652	Unicorn-21330.exe
2036	Unicorn-9077.exe
2984	Unicorn-19938.exe
2836	Unicorn-13161.exe
2260	Unicorn-24022.exe
2892	Unicorn-25414.exe
628	Unicorn-9632.exe
2332	Unicorn-20404.exe
1036	Unicorn-538.exe
1932	Unicorn-47046.exe
1448	Unicorn-57907.exe
944	Unicorn-31264.exe
1860	Unicorn-64150.exe
828	Unicorn-16019.exe
2872	Unicorn-33978.exe
1640	Unicorn-53844.exe
1968	Unicorn-53844.exe
1844	Unicorn-38062.exe
344	Unicorn-14949.exe
3056	Unicorn-8234.exe
2380	Unicorn-53906.exe
2712	Unicorn-47897.exe
2468	Unicorn-51981.exe
1632	Unicorn-62842.exe
2656	Unicorn-37591.exe
2580	Unicorn-45759.exe
2464	Unicorn-29977.exe
316	Unicorn-4726.exe
2768	Unicorn-23755.exe
2780	Unicorn-8810.exe
2804	Unicorn-11503.exe
2196	Unicorn-642.exe
2164	Unicorn-642.exe
1532	Unicorn-642.exe
1476	Unicorn-1197.exe
2372	Unicorn-1197.exe
2820	Unicorn-9085.exe
2220	Unicorn-25422.exe
2824	Unicorn-62925.exe
1092	Unicorn-6947.exe
448	Unicorn-45842.exe
1704	Unicorn-11031.exe
1588	Unicorn-56703.exe
328	Unicorn-13724.exe
2300	Unicorn-33590.exe
3024	Unicorn-17808.exe
2316	Unicorn-27368.exe
1772	Unicorn-46397.exe
1936	Unicorn-6755.exe
2216	Unicorn-45650.exe
2620	Unicorn-33398.exe
2756	Unicorn-10839.exe
2996	Unicorn-44259.exe

Loads dropped DLL 64 IoCs

pid	Process
1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
3036	Unicorn-22067.exe
3036	Unicorn-22067.exe
2676	Unicorn-33010.exe
2676	Unicorn-33010.exe
3036	Unicorn-22067.exe
3036	Unicorn-22067.exe
2876	Unicorn-52876.exe
2876	Unicorn-52876.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
1440	WerFault.exe
2936	Unicorn-17080.exe
2936	Unicorn-17080.exe
2676	Unicorn-33010.exe
2676	Unicorn-33010.exe
2460	Unicorn-23856.exe
2532	Unicorn-43722.exe
2532	Unicorn-43722.exe
2460	Unicorn-23856.exe
2876	Unicorn-52876.exe
2876	Unicorn-52876.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2124	WerFault.exe
2720	Unicorn-13078.exe
2720	Unicorn-13078.exe
2772	Unicorn-50582.exe
2772	Unicorn-50582.exe
2936	Unicorn-17080.exe
2936	Unicorn-17080.exe
984	Unicorn-8994.exe
984	Unicorn-8994.exe
2460	Unicorn-23856.exe
2460	Unicorn-23856.exe
1744	Unicorn-8994.exe
1744	Unicorn-8994.exe
2532	Unicorn-43722.exe
2532	Unicorn-43722.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2652	1712	WerFault.exe	27
1440	3036	WerFault.exe	28
2200	2676	WerFault.exe	29
2124	2876	WerFault.exe	30
892	2936	WerFault.exe	32
1740	2460	WerFault.exe	33
1528	2532	WerFault.exe	34
2356	2720	WerFault.exe	36
1652	2772	WerFault.exe	37
1484	984	WerFault.exe	39
1612	1744	WerFault.exe	38
2752	1572	WerFault.exe	40
532	652	WerFault.exe	43
2160	2036	WerFault.exe	44
1828	2984	WerFault.exe	45
2008	2892	WerFault.exe	48
2940	2260	WerFault.exe	47
2328	2836	WerFault.exe	46
2116	628	WerFault.exe	49
2084	1092	WerFault.exe	97
772	2332	WerFault.exe	53
696	1932	WerFault.exe	55
340	1036	WerFault.exe	54
600	1448	WerFault.exe	56
1864	944	WerFault.exe	57
1660	1860	WerFault.exe	58
2856	828	WerFault.exe	59
2852	344	WerFault.exe	64
2384	1968	WerFault.exe	62
2724	1844	WerFault.exe	63
556	2380	WerFault.exe	71
1780	3056	WerFault.exe	70
2032	2656	WerFault.exe	75
992	2468	WerFault.exe	73
2000	1632	WerFault.exe	74
2524	2580	WerFault.exe	76
1892	2464	WerFault.exe	77
3192	2780	WerFault.exe	80
3244	2804	WerFault.exe	81
3532	2372	WerFault.exe	86
3732	2768	WerFault.exe	79
3772	1476	WerFault.exe	85
3340	2820	WerFault.exe	89
3960	2220	WerFault.exe	94
3968	1588	WerFault.exe	100
4064	3024	WerFault.exe	103
4088	1704	WerFault.exe	99
3308	2756	WerFault.exe	108
3360	2216	WerFault.exe	107
3348	2360	WerFault.exe	118
3572	2864	WerFault.exe	112
3584	2712	WerFault.exe	72
316	2824	WerFault.exe	96
3504	2300	WerFault.exe	102
3724	2316	WerFault.exe	104
3824	1540	WerFault.exe	123
4048	2604	WerFault.exe	130
3264	2572	WerFault.exe	133
3560	2136	WerFault.exe	135
3568	2952	WerFault.exe	134
3880	1004	WerFault.exe	137
3616	1764	WerFault.exe	138
4152	580	WerFault.exe	140
4376	448	WerFault.exe	98

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
3036	Unicorn-22067.exe
2676	Unicorn-33010.exe
2876	Unicorn-52876.exe
2936	Unicorn-17080.exe
2460	Unicorn-23856.exe
2532	Unicorn-43722.exe
2720	Unicorn-13078.exe
2772	Unicorn-50582.exe
984	Unicorn-8994.exe
1744	Unicorn-8994.exe
1572	Unicorn-44360.exe
652	Unicorn-21330.exe
2984	Unicorn-19938.exe
2036	Unicorn-9077.exe
2836	Unicorn-13161.exe
2260	Unicorn-24022.exe
2892	Unicorn-25414.exe
628	Unicorn-9632.exe
2332	Unicorn-20404.exe
1036	Unicorn-538.exe
1932	Unicorn-47046.exe
1448	Unicorn-57907.exe
944	Unicorn-31264.exe
1860	Unicorn-64150.exe
828	Unicorn-16019.exe
1640	Unicorn-53844.exe
2872	Unicorn-33978.exe
1968	Unicorn-53844.exe
1844	Unicorn-38062.exe
344	Unicorn-14949.exe
2380	Unicorn-53906.exe
3056	Unicorn-8234.exe
2712	Unicorn-47897.exe
2468	Unicorn-51981.exe
1632	Unicorn-62842.exe
2656	Unicorn-37591.exe
2580	Unicorn-45759.exe
2464	Unicorn-29977.exe
316	Unicorn-4726.exe
2768	Unicorn-23755.exe
2780	Unicorn-8810.exe
2804	Unicorn-11503.exe
2164	Unicorn-642.exe
2196	Unicorn-642.exe
1532	Unicorn-642.exe
1476	Unicorn-1197.exe
2372	Unicorn-1197.exe
2820	Unicorn-9085.exe
2220	Unicorn-25422.exe
2824	Unicorn-62925.exe
1092	Unicorn-6947.exe
448	Unicorn-45842.exe
1704	Unicorn-11031.exe
1588	Unicorn-56703.exe
328	Unicorn-13724.exe
2300	Unicorn-33590.exe
3024	Unicorn-17808.exe
2316	Unicorn-27368.exe
1772	Unicorn-46397.exe
1936	Unicorn-6755.exe
2216	Unicorn-45650.exe
2620	Unicorn-33398.exe
2756	Unicorn-10839.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3036	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	28
PID 1712 wrote to memory of 3036	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	28
PID 1712 wrote to memory of 3036	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	28
PID 1712 wrote to memory of 3036	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	28
PID 1712 wrote to memory of 2676	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	29
PID 1712 wrote to memory of 2676	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	29
PID 1712 wrote to memory of 2676	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	29
PID 1712 wrote to memory of 2676	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	29
PID 3036 wrote to memory of 2876	3036	Unicorn-22067.exe	30
PID 3036 wrote to memory of 2876	3036	Unicorn-22067.exe	30
PID 3036 wrote to memory of 2876	3036	Unicorn-22067.exe	30
PID 3036 wrote to memory of 2876	3036	Unicorn-22067.exe	30
PID 1712 wrote to memory of 2652	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	31
PID 1712 wrote to memory of 2652	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	31
PID 1712 wrote to memory of 2652	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	31
PID 1712 wrote to memory of 2652	1712	2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe	31
PID 2676 wrote to memory of 2936	2676	Unicorn-33010.exe	32
PID 2676 wrote to memory of 2936	2676	Unicorn-33010.exe	32
PID 2676 wrote to memory of 2936	2676	Unicorn-33010.exe	32
PID 2676 wrote to memory of 2936	2676	Unicorn-33010.exe	32
PID 3036 wrote to memory of 2460	3036	Unicorn-22067.exe	33
PID 3036 wrote to memory of 2460	3036	Unicorn-22067.exe	33
PID 3036 wrote to memory of 2460	3036	Unicorn-22067.exe	33
PID 3036 wrote to memory of 2460	3036	Unicorn-22067.exe	33
PID 2876 wrote to memory of 2532	2876	Unicorn-52876.exe	34
PID 2876 wrote to memory of 2532	2876	Unicorn-52876.exe	34
PID 2876 wrote to memory of 2532	2876	Unicorn-52876.exe	34
PID 2876 wrote to memory of 2532	2876	Unicorn-52876.exe	34
PID 3036 wrote to memory of 1440	3036	Unicorn-22067.exe	35
PID 3036 wrote to memory of 1440	3036	Unicorn-22067.exe	35
PID 3036 wrote to memory of 1440	3036	Unicorn-22067.exe	35
PID 3036 wrote to memory of 1440	3036	Unicorn-22067.exe	35
PID 2936 wrote to memory of 2720	2936	Unicorn-17080.exe	36
PID 2936 wrote to memory of 2720	2936	Unicorn-17080.exe	36
PID 2936 wrote to memory of 2720	2936	Unicorn-17080.exe	36
PID 2936 wrote to memory of 2720	2936	Unicorn-17080.exe	36
PID 2676 wrote to memory of 2772	2676	Unicorn-33010.exe	37
PID 2676 wrote to memory of 2772	2676	Unicorn-33010.exe	37
PID 2676 wrote to memory of 2772	2676	Unicorn-33010.exe	37
PID 2676 wrote to memory of 2772	2676	Unicorn-33010.exe	37
PID 2532 wrote to memory of 1744	2532	Unicorn-43722.exe	38
PID 2532 wrote to memory of 1744	2532	Unicorn-43722.exe	38
PID 2532 wrote to memory of 1744	2532	Unicorn-43722.exe	38
PID 2532 wrote to memory of 1744	2532	Unicorn-43722.exe	38
PID 2460 wrote to memory of 984	2460	Unicorn-23856.exe	39
PID 2460 wrote to memory of 984	2460	Unicorn-23856.exe	39
PID 2460 wrote to memory of 984	2460	Unicorn-23856.exe	39
PID 2460 wrote to memory of 984	2460	Unicorn-23856.exe	39
PID 2876 wrote to memory of 1572	2876	Unicorn-52876.exe	40
PID 2876 wrote to memory of 1572	2876	Unicorn-52876.exe	40
PID 2876 wrote to memory of 1572	2876	Unicorn-52876.exe	40
PID 2876 wrote to memory of 1572	2876	Unicorn-52876.exe	40
PID 2676 wrote to memory of 2200	2676	Unicorn-33010.exe	41
PID 2676 wrote to memory of 2200	2676	Unicorn-33010.exe	41
PID 2676 wrote to memory of 2200	2676	Unicorn-33010.exe	41
PID 2676 wrote to memory of 2200	2676	Unicorn-33010.exe	41
PID 2876 wrote to memory of 2124	2876	Unicorn-52876.exe	42
PID 2876 wrote to memory of 2124	2876	Unicorn-52876.exe	42
PID 2876 wrote to memory of 2124	2876	Unicorn-52876.exe	42
PID 2876 wrote to memory of 2124	2876	Unicorn-52876.exe	42
PID 2720 wrote to memory of 652	2720	Unicorn-13078.exe	43
PID 2720 wrote to memory of 652	2720	Unicorn-13078.exe	43
PID 2720 wrote to memory of 652	2720	Unicorn-13078.exe	43
PID 2720 wrote to memory of 652	2720	Unicorn-13078.exe	43

C:\Users\Admin\AppData\Local\Temp\2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe
"C:\Users\Admin\AppData\Local\Temp\2b99c40655f607a6d69f14a1d97fb2dc5db714c92dcc9b5c93fb485a25a8f528.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25414.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        11⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37918.exe
        12⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        13⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        14⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62459.exe
        15⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        16⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 236
        15⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        14⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 236
        13⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        12⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        11⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
        10⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49485.exe
        11⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
        12⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
        13⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16980.exe
        14⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        14⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
        13⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        8⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55053.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        10⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26460.exe
        11⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        12⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        11⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50736.exe
        12⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        13⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        14⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        14⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        12⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        11⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        9⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        8⤵
        Program crash
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11306.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        10⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33450.exe
        11⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        12⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        13⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8562.exe
        15⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
        13⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        12⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        11⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9168.exe
        9⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        10⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        11⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
        12⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        13⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        14⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
        13⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 236
        12⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        10⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55920.exe
        11⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        12⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52132.exe
        13⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        14⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        8⤵
        Program crash
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        7⤵
        Program crash
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 220
        6⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        11⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        12⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47503.exe
        13⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        14⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        15⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 236
        14⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        13⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        12⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
        12⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        13⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10508.exe
        14⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 216
        14⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        13⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        11⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
        12⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        13⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24987.exe
        14⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        8⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        10⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        12⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63829.exe
        13⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        14⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
        13⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        11⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
        11⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
        12⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
        13⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        12⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        11⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 236
        10⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        8⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        7⤵
        Program crash
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57902.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11306.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20918.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        12⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14462.exe
        13⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42055.exe
        14⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
        14⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
        13⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        12⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
        11⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12557.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        11⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        12⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        13⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:3244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        6⤵
        Program crash
        
        PID:2116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        11⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
        12⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10570.exe
        13⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31017.exe
        14⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
        14⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        13⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        12⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24426.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
        12⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        13⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
        13⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        12⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 236
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        10⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 220
        8⤵
        Program crash
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42779.exe
        7⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 188
        11⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 236
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        7⤵
        Program crash
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40684.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55640.exe
        11⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
        12⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
        13⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 236
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        12⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        11⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        8⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
        11⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        12⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
        12⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        11⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
        7⤵
        Program crash
        
        PID:3968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        6⤵
        Program crash
        
        PID:600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        5⤵
        Program crash
        
        PID:2752
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        11⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        12⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        13⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        14⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26980.exe
        15⤵
        
        PID:11548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        10⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37891.exe
        11⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
        12⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        13⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        14⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30845.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53206.exe
        11⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
        12⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        13⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
        14⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33952.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
        11⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        12⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        13⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        14⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
        14⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
        13⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        12⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        10⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        10⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        11⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        13⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
        13⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        12⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        11⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        8⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
        7⤵
        Program crash
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
        7⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
        11⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        12⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15916.exe
        13⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        14⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
        14⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
        13⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
        12⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59620.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42568.exe
        11⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
        12⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
        13⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        13⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        12⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        11⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        9⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22167.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14835.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
        10⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        11⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
        12⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        13⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
        13⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        12⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        11⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        8⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        7⤵
        Program crash
        
        PID:3532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        6⤵
        Program crash
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30264.exe
        11⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
        13⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
        14⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        10⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
        11⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
        12⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52013.exe
        13⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48515.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35246.exe
        12⤵
        
        PID:9348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        6⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8862.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        11⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        12⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31401.exe
        13⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
        8⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        7⤵
        Program crash
        
        PID:3348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        6⤵
        Program crash
        
        PID:2724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
        5⤵
        Program crash
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47368.exe
        11⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        12⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        13⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
        14⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39271.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20674.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5106.exe
        13⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36003.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
        10⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8525.exe
        11⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        12⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
        13⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
        13⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 236
        10⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        8⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        7⤵
        Program crash
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        6⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32309.exe
        11⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        12⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
        11⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        10⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        9⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        8⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 236
        7⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        6⤵
        Program crash
        
        PID:3772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        5⤵
        Program crash
        
        PID:2940
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8234.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25422.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51716.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
        11⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
        12⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
        13⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        14⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1821.exe
        15⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        14⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        13⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        12⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        11⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        10⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        9⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
        12⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        13⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        14⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        15⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        14⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        13⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        12⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        9⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        8⤵
        Program crash
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46309.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25905.exe
        11⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        12⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        13⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
        14⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
        14⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        13⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        12⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        11⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        9⤵
        Program crash
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23663.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
        11⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        12⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21723.exe
        13⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
        13⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        12⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 236
        11⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        8⤵
        Program crash
        
        PID:316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        7⤵
        Program crash
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53906.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45131.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        11⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        12⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
        13⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        14⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        15⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
        14⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 236
        13⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
        12⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        11⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50585.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        11⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33689.exe
        12⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24717.exe
        13⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        14⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        13⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 236
        12⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56278.exe
        11⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        12⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        13⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37426.exe
        14⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
        13⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        12⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        9⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        8⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        11⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
        12⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        13⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        14⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
        13⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        12⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        9⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
        8⤵
        Program crash
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        7⤵
        Program crash
        
        PID:556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
        6⤵
        Program crash
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        12⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32366.exe
        13⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
        14⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        14⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        13⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        12⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        11⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23767.exe
        10⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        11⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        12⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        13⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        14⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        13⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
        12⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        8⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29179.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40108.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        12⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
        13⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 236
        13⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        12⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        11⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5852.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36782.exe
        10⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        11⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        12⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        Program crash
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6148.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41992.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
        12⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        13⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        13⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        12⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        11⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 216
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
        7⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37451.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        9⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        11⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        8⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        7⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        6⤵
        Program crash
        
        PID:340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        5⤵
        Program crash
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39807.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20244.exe
        13⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 236
        13⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        12⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        8⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7969.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49127.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        10⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        11⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        12⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        13⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        8⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
        7⤵
        Program crash
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34644.exe
        12⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        13⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 220
        13⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
        12⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        10⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        9⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        7⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 220
        8⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 220
        7⤵
        
        PID:4712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        6⤵
        Program crash
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61939.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58582.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 188
        10⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        8⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        6⤵
        Program crash
        
        PID:1892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        5⤵
        Program crash
        
        PID:1828
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 200
        8⤵
        Program crash
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        7⤵
        Program crash
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        6⤵
        Program crash
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        7⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40762.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        12⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        13⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        13⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        12⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
        10⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        8⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26481.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        11⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        11⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        9⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        8⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        7⤵
        Program crash
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        6⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50798.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        10⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23622.exe
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        12⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
        11⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51353.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        9⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        10⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
        11⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        12⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
        11⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
        10⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
        9⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        8⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
        7⤵
        
        PID:5660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        6⤵
        Program crash
        
        PID:2000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        5⤵
        Program crash
        
        PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21333.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        11⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
        12⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        10⤵
        
        PID:1400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        8⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        7⤵
        Program crash
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38546.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        9⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        11⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 236
        11⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        10⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        9⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        8⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        7⤵
        
        PID:5528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        6⤵
        Program crash
        
        PID:4064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
        5⤵
        Program crash
        
        PID:1864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
      4⤵
      Program crash
      PID:1652
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2200
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10839.exe

Filesize
184KB

MD5
59b045fa26fb1117ead4826b974dd756

SHA1
441f844599b90ef5eb35e2f1c214bcfad7816b34

SHA256
ce704b964f6b9a83dcd50c86c0fbe6a6804aaa0530f219f66335454309c5bec1

SHA512
67890373f90897ab7df995431a6ee68cd1a8d94f909a276330347f637aff692789b002a3f809f62dab630e3976b329126b1d782862cb6ffc6505a003a539d1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe

Filesize
184KB

MD5
1f04dceca00047fdbd1e399f9fef9487

SHA1
472c2a64c420ae5ecfe1130b2f47206e5ebfb2b9

SHA256
857509ae7d96f4cb6d081af5595a90be0bef3c8bd4a0e651c5de683537b42bef

SHA512
1a992f91d4db867cf6e284dee58717c2b3f577b7cc33e9959c4b270da32443a67f30166729956c471bb8cefe47e859b2d39a60420794186d789d84ae1dbc0ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23856.exe

Filesize
184KB

MD5
a33b393f81d9a1d938bde7646a95d38b

SHA1
538397a7c3d675e00cede4e0d6dde41010f75881

SHA256
44eb2addc41048c87115ad15df7eab728fcc6856ba3cd267be7b2d750060f7f3

SHA512
e952d91dcf2400d7d37ecdda4c2303fe92404cdd39f9e9cb290432948eae879706a166a02c679aacb8a937cc1f2718794055e48e3b74b1d1f9a0f3ff41eee497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe

Filesize
184KB

MD5
7be5bd555ed38becb5a3ea4f57607a5e

SHA1
c99297c43989f3ca1e1b58a21673e64bfcddc60f

SHA256
dae10ac206c9020611b543551cec29af2326b7a9906dc4aeedacc8f6ab175f02

SHA512
1ec6e86f4255ea04935799c31fc7405ce65f481b7a6333c02a603867f8b880f3f983cfddee43ad72b297af5936daf2d1ddbcc4ae8af2426cd9961d2799de5329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe

Filesize
184KB

MD5
c81662c9b4a7d49cf82b8c4eddac10ff

SHA1
74785e7175c41e462db043ac36d49ec6eddaaf2d

SHA256
4372f402b9a415b11d83bda26876813d51462e7d5bd45280d3b5d52d514c1324

SHA512
3f31d83d78be7a2212032eee317945515400d0253ab7a7c96af6532c2060e2480c6af0c70839365764d94c21c735883d95c4d81e77edb3f571cb047c6091af36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe

Filesize
184KB

MD5
d43f3bc9cdfdcfaedd93f9d4c9050de6

SHA1
80f51895695c40d1a6fbb306fffedb83f081703c

SHA256
ff7d4d7139834211b2c17662e2a5331c4dead3f6d554da36e7ba54d0c17e12ec

SHA512
2c99845e573ba02dd12660e0e3d94b878b1c9ff1265c40c5b78b2d0eea22ca9ebd91ac7c13f48b4504441dc86086f20b6f9e274423cd3b2e45ad5e9626c5d790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe

Filesize
184KB

MD5
d75d474081fec683bb6bbe468858c456

SHA1
0cf37aceb92f341fbe712bf252492958e76f9244

SHA256
70e1fe4829986423c024a5691eaccdb624b5c093cefa33dbce68106c2c486005

SHA512
47621c4e4f53f4bdbad411ba0710a4a3fceeca2be80fa3a6f1a9527459c4d8a0db131049d0381909f1f4f2f72bebc3dbe3464c880826b71ebda4c78acbd8d12e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44360.exe

Filesize
184KB

MD5
37f4c877c976b8eb867987abc737234f

SHA1
3a50722abf0a8d2e8cc2e0c160b5e794b7db73c9

SHA256
95180e8aebba634a0cbc6014145332fbce482b1b037d4dcb635403a05223cf4f

SHA512
82d730f5f28b4892aaeabdc2e435b036e2cb786b6dc93bf80af023fcc17df91be265274ebade5bf31040afd90ba1aa76700102d4e9c08f57dc7ca8aee3b29097

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe

Filesize
184KB

MD5
8de9099d7f014a2f17c65120787843f1

SHA1
c79509f7a3af5b438ea45639724dfffd37d3654b

SHA256
802b8aec14f27466d654f9c0efb3bab0447f0d7142bcb0524cca45866deae31e

SHA512
581b6aa9affdb07fee5ea94d276d4ee0065d92dbd1da69567c4df1a575c1a1740d7404481c436dca97eb5497fa562059b6c9df8e68e4dd6a1be3e0ef095aa34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe

Filesize
184KB

MD5
8526ab38ed794a8d2c6e0a28c473cf11

SHA1
d6b37c26e6fe433c193420efa7e23204fb07ee22

SHA256
225036f19af1e975911c2cf141aad63fb41b3f13130b838ae5e60ae369a8db08

SHA512
00d241e4320d34585ce1d776e3380094ec929f8f761749b242cf47bee5ada5aea18ecc94735d62b47c0614856a2a025f3933dc91ea1547a99878c3b1707fbd05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe

Filesize
184KB

MD5
2beb8dd27e668f3ce258150a7231fea8

SHA1
b1e1d7875add4402e448e6082270ff1961072db0

SHA256
2af26dde1bc6cf2a63455586f64d13d8368617bcd74d8cf85a2e5a1bb598287f

SHA512
d86aa4f5d5524d22a6767a72c022003bb5e146a394e0dd7490c66dc0d29be9d83ad82fc331f272e48da4545703fb5a3c2944cc41501c1e618c4eaf91376f0ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52876.exe

Filesize
184KB

MD5
6068e7431231ac6845cc995eb7e44cdb

SHA1
b395a0cdc4e253a155046dd46c970b09534a3b52

SHA256
7001eda16f997d31b7a6d2f2ac197ee8323eb0b567cd9010cbad660ef165e751

SHA512
8414346e33215522c09309257dbe66627c520da2a3f6558cf5beb2dc15a3b0a153a45b492be217dac86cd69785b8790c4fb69dc924b8fb9c2576651afb0b04d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5764.exe

Filesize
184KB

MD5
a11c8e62c1bd17c042e8516f73d269e8

SHA1
daecf85166858cece8819933744e38e9437e2f8b

SHA256
4c3d4cebb14d5927b3fea41a63c7618d8a095f7e11a177ee9106d5a96c374735

SHA512
bec59a7e04a74b8ef6efd4ee2380e2030c53f0f552767212c7b7783927e53d6e7c4ae608569a4628a0933310822cc7ba615095d12ef7e269ce265d144f14550f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6755.exe

Filesize
184KB

MD5
ef7206af6d13221a441fd890db27f0bf

SHA1
595904f8a52a5191240d433cd0b404d4c65314d2

SHA256
8bcdbf30e7d4d30da699603027ea1f14fe506749d20044596365b8d3c7882786

SHA512
fbc0035d9e4981f13d8458bf5d672d3eb3ab0c5ad651fd11105adc141f2899dd55afb85062a0147a1393653cca1703f79ab1c1a5ea283ed5edb03d5a8fbe8b56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe

Filesize
184KB

MD5
072899f36b76625ea812640df852c856

SHA1
e2f3fed2913d61459ea2ebbe5233d94f475b9625

SHA256
047589131b08dcf9536b41ddcbb98589aacbe30d4d580cfcd012e333218512c1

SHA512
b9a29e92656435ff40093acb9b48e6637beeb38ff8a61b06b0f5258d961b09d442f743ee15bbff5b6aa0ee0f28227876eb34a89ac7a738cd69fce9a235f4dfe7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe

Filesize
184KB

MD5
06ed378963a14cde0f80b64bd3d7c6ba

SHA1
c23e8a9f2dd2697bb53f88bf663592a2ffc0fa63

SHA256
fb5a20b6f386f84b8203456c729fc770e8659f5be9bca5961a80191b8f9de5f4

SHA512
6ce11942dfc518eeed084d8785dce500abf6a2e1b4b828e1db3d4ccd2aa190a21c1b0fc985bb7208d0cff78c3da0a22b144d4f83e60f2a3bef90fd00d3573b0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe

Filesize
184KB

MD5
b3a2067fb7be2345b4d1d1ceb1f274ba

SHA1
3bc11db9442ad7eb21a81bb42063e8956710e95a

SHA256
f649a43b90a9c4baa2a3ae2a20807500690b1b5bf628805ef79807ee064f0e69

SHA512
bb83d5ee26c379faf35e5947db11526afd4a3275cb533fca56bf5a1f26ba668bf0cbab57ed5bf03e4bb3652a6a3aa5c588038bbd936fad5d80260c89be1de632

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe

Filesize
184KB

MD5
cc74e0a3bbe4fe8d13e03c205a073153

SHA1
90379bfe84e11fccc0c94c58fd7f7ed7e56f6417

SHA256
7d3cd65e13daeaeef46ec2f7eeeb827e2844a1377d8d86f277661537fe7c5d42

SHA512
de293524bbb6fb150e109d172083861cfe211bae19a3fea095c78789b40616011c8f0542ebb129a3bd27ba34a43b8408b4714507fc8c95e95e495ef277fec593

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe

Filesize
184KB

MD5
16606ef946e8f376c360d2562d3ac9e7

SHA1
1cb709bf8a7e8fb2e6a311832bed5ee608e8207c

SHA256
f2546071748c841237dfab4b815b3ed21365091ce40071c8b6a459f768c1ee53

SHA512
08428e4716f3af1425453ef5a4d2f00e5d3e6d8945c9082114b50b2c8d7ac9a5cd164d561008d6d3215ca75eab2914d449a0835931599225a1e2d6b6ec371df2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22067.exe

Filesize
184KB

MD5
6009130d9ea972fa847ee1a07a5be960

SHA1
9dac66786098d897029fecd6cf88de06a2945b87

SHA256
72b525e9b7d13d014a5d57fa9f3cb8c7babfa7452d648af82c79a32b2b553929

SHA512
4485cb532c88c6bd50b9f4c8849f6c058160227a493c9ad4ded5a10ca47fdc7490be6d4d7ce8ecc4c3993be6c6066010925e0faa2aa8652f95b596bde273a570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe

Filesize
184KB

MD5
c8deda6797e21c294e0d7a0e398bb2d6

SHA1
2e8ef3ffc5a863b643a926c21cad94cdeeedac97

SHA256
78d7d3502a3637a49447b23c4fdb9b408147925a8fcceb896e93a3a8e4fa633d

SHA512
50137f4b0b5a36e5df589538ab392b698d3497146a3616e2b14233c193fd3b6bdda64da1e72fd7b82f25792480744fdceb6c1dc335591c2df0b5701ab3ef8dba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe

Filesize
184KB

MD5
0b4fdd1abe88ae01f935b72c6c27ec50

SHA1
ef24f76f0da7425fe19723ecc843cf833d3c74ce

SHA256
71a790378a09fe30b5165b08b574f6f55857554d2a2ee6f6d501e780ff496694

SHA512
50b3a082a4a472556ed2e8c2324209935fa7fb8434363cbe9ebd0f750b599d4de5868ac970e4f942dc25c252a4e4c68490c8cc23339af8e37e06f5a90745a738

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9077.exe

Filesize
184KB

MD5
d3ebd323f62ccfb205d04bbde6d01e39

SHA1
925ea89683f59e4c9a27390aec9a86a4a2cd22d7

SHA256
649983055d29bde2003031174ca4fa0c56cd74b8cb2ecb9862efa2413ad5f621

SHA512
97bfda695d520d34b66f72f87c618563687ffa41a109378579a1422db3efe02317946e42a6f97abe16c02450ff90f6263265c31fa36b5cb13e2776da5ba5bad5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads