ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 01:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
Size

184KB
MD5

34fc10e6b37428e0408a8f579df0c821
SHA1

ba3ba966181b5427a6c7d9cdad43f3fdf4f91bef
SHA256

ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7
SHA512

31ea7017fa417219e0419ac52b0ed40963d9031476b864b577a6718b9e1fd4c97693aee62b6996333961a94e06ac610be598c1bfc066aadec2ca5ab877d5d075
SSDEEP

3072:tYJJto+KJaTdHtneGaLRCsj3lnViF7n3:tYZoqJHtoLIsj3lnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2088	Unicorn-16884.exe
1728	Unicorn-10114.exe
2732	Unicorn-55786.exe
2844	Unicorn-17566.exe
2616	Unicorn-37432.exe
3016	Unicorn-37432.exe
2436	Unicorn-14422.exe
2700	Unicorn-46410.exe
2804	Unicorn-46410.exe
1532	Unicorn-26544.exe
2816	Unicorn-60286.exe
2412	Unicorn-18348.exe
1436	Unicorn-38214.exe
1212	Unicorn-53865.exe
2008	Unicorn-51597.exe
1936	Unicorn-5925.exe
872	Unicorn-6117.exe
1852	Unicorn-38406.exe
1424	Unicorn-51789.exe
704	Unicorn-14327.exe
2892	Unicorn-6455.exe
1860	Unicorn-36667.exe
1232	Unicorn-24245.exe
1932	Unicorn-39512.exe
2644	Unicorn-19646.exe
916	Unicorn-57109.exe
2900	Unicorn-49823.exe
2148	Unicorn-4151.exe
1456	Unicorn-34363.exe
1964	Unicorn-5098.exe
1216	Unicorn-24964.exe
1608	Unicorn-31098.exe
2608	Unicorn-12493.exe
2768	Unicorn-62955.exe
2612	Unicorn-17284.exe
2524	Unicorn-41600.exe
2464	Unicorn-30055.exe
2968	Unicorn-30823.exe
2660	Unicorn-12348.exe
2684	Unicorn-42944.exe
312	Unicorn-42944.exe
1580	Unicorn-42944.exe
2820	Unicorn-13344.exe
2796	Unicorn-33210.exe
2984	Unicorn-19874.exe
2988	Unicorn-200.exe
2304	Unicorn-20066.exe
2912	Unicorn-51202.exe
1120	Unicorn-14123.exe
1320	Unicorn-1508.exe
1712	Unicorn-49832.exe
1028	Unicorn-30158.exe
2232	Unicorn-34949.exe
708	Unicorn-12945.exe
2784	Unicorn-2276.exe
2172	Unicorn-49266.exe
2536	Unicorn-49458.exe
924	Unicorn-54632.exe
2596	Unicorn-22344.exe
2736	Unicorn-33012.exe
2456	Unicorn-22344.exe
2472	Unicorn-2058.exe
2652	Unicorn-17326.exe
2460	Unicorn-2250.exe

Loads dropped DLL 64 IoCs

pid	Process
1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
2088	Unicorn-16884.exe
1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
2088	Unicorn-16884.exe
2088	Unicorn-16884.exe
1728	Unicorn-10114.exe
2732	Unicorn-55786.exe
2088	Unicorn-16884.exe
2732	Unicorn-55786.exe
1728	Unicorn-10114.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
2844	Unicorn-17566.exe
2844	Unicorn-17566.exe
2616	Unicorn-37432.exe
3016	Unicorn-37432.exe
2616	Unicorn-37432.exe
3016	Unicorn-37432.exe
2732	Unicorn-55786.exe
2732	Unicorn-55786.exe
1728	Unicorn-10114.exe
1728	Unicorn-10114.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2176	WerFault.exe
2844	Unicorn-17566.exe
2436	Unicorn-14422.exe
2844	Unicorn-17566.exe
2436	Unicorn-14422.exe
2816	Unicorn-60286.exe
2816	Unicorn-60286.exe
1532	Unicorn-26544.exe
2616	Unicorn-37432.exe
1532	Unicorn-26544.exe
2616	Unicorn-37432.exe
2700	Unicorn-46410.exe
2804	Unicorn-46410.exe
2700	Unicorn-46410.exe
2804	Unicorn-46410.exe
3016	Unicorn-37432.exe
3016	Unicorn-37432.exe
544	WerFault.exe
544	WerFault.exe
544	WerFault.exe
544	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
544	WerFault.exe
1588	WerFault.exe
1588	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2884	1584	WerFault.exe	27
1956	2088	WerFault.exe	28
2328	1728	WerFault.exe	30
2176	2732	WerFault.exe	29
544	2844	WerFault.exe	32
1588	3016	WerFault.exe	33
1484	2616	WerFault.exe	34
1960	2436	WerFault.exe	36
1444	2816	WerFault.exe	39
380	1532	WerFault.exe	40
1736	2700	WerFault.exe	37
1544	2804	WerFault.exe	38
284	1456	WerFault.exe	63
1124	2412	WerFault.exe	43
1052	872	WerFault.exe	49
648	1436	WerFault.exe	44
604	1424	WerFault.exe	50
540	2008	WerFault.exe	47
2252	1936	WerFault.exe	46
1704	1212	WerFault.exe	45
1336	1852	WerFault.exe	48
1904	2736	WerFault.exe	107
1284	704	WerFault.exe	54
1328	2892	WerFault.exe	55
1304	1860	WerFault.exe	56
2092	2644	WerFault.exe	58
628	2148	WerFault.exe	62
2108	1232	WerFault.exe	57
2636	2900	WerFault.exe	61
384	1932	WerFault.exe	59
1732	1964	WerFault.exe	69
2744	1216	WerFault.exe	70
2724	1608	WerFault.exe	71
2508	2768	WerFault.exe	73
2432	2608	WerFault.exe	72
1884	2612	WerFault.exe	74
2540	2524	WerFault.exe	75
1628	2464	WerFault.exe	76
3188	2968	WerFault.exe	77
3240	1580	WerFault.exe	80
3232	2684	WerFault.exe	79
3272	2660	WerFault.exe	78
3264	2820	WerFault.exe	84
3284	312	WerFault.exe	81
3324	2796	WerFault.exe	83
3332	2984	WerFault.exe	86
3412	2988	WerFault.exe	87
3444	2304	WerFault.exe	88
3536	1120	WerFault.exe	97
3524	2912	WerFault.exe	96
3648	1320	WerFault.exe	98
3704	2232	WerFault.exe	101
3664	1712	WerFault.exe	99
3752	2472	WerFault.exe	110
3872	776	WerFault.exe	115
3984	2460	WerFault.exe	112
4016	2456	WerFault.exe	108
4080	916	WerFault.exe	60
3228	2784	WerFault.exe	103
3936	2652	WerFault.exe	111
4112	2596	WerFault.exe	109
4132	2860	WerFault.exe	119
4296	2272	WerFault.exe	113
4304	1028	WerFault.exe	100

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
2088	Unicorn-16884.exe
1728	Unicorn-10114.exe
2732	Unicorn-55786.exe
2844	Unicorn-17566.exe
3016	Unicorn-37432.exe
2616	Unicorn-37432.exe
2436	Unicorn-14422.exe
2700	Unicorn-46410.exe
1532	Unicorn-26544.exe
2816	Unicorn-60286.exe
2804	Unicorn-46410.exe
2412	Unicorn-18348.exe
1436	Unicorn-38214.exe
1212	Unicorn-53865.exe
872	Unicorn-6117.exe
1852	Unicorn-38406.exe
2008	Unicorn-51597.exe
1936	Unicorn-5925.exe
1424	Unicorn-51789.exe
704	Unicorn-14327.exe
2892	Unicorn-6455.exe
1860	Unicorn-36667.exe
1232	Unicorn-24245.exe
2644	Unicorn-19646.exe
1932	Unicorn-39512.exe
916	Unicorn-57109.exe
2148	Unicorn-4151.exe
2900	Unicorn-49823.exe
1456	Unicorn-34363.exe
1964	Unicorn-5098.exe
1216	Unicorn-24964.exe
1608	Unicorn-31098.exe
2608	Unicorn-12493.exe
2612	Unicorn-17284.exe
2768	Unicorn-62955.exe
2524	Unicorn-41600.exe
2464	Unicorn-30055.exe
2968	Unicorn-30823.exe
2684	Unicorn-42944.exe
2660	Unicorn-12348.exe
1580	Unicorn-42944.exe
312	Unicorn-42944.exe
2796	Unicorn-33210.exe
2820	Unicorn-13344.exe
2984	Unicorn-19874.exe
2988	Unicorn-200.exe
2304	Unicorn-20066.exe
2912	Unicorn-51202.exe
1120	Unicorn-14123.exe
1320	Unicorn-1508.exe
1712	Unicorn-49832.exe
1028	Unicorn-30158.exe
2232	Unicorn-34949.exe
708	Unicorn-12945.exe
2784	Unicorn-2276.exe
2172	Unicorn-49266.exe
2536	Unicorn-49458.exe
924	Unicorn-54632.exe
2456	Unicorn-22344.exe
2736	Unicorn-33012.exe
2596	Unicorn-22344.exe
2472	Unicorn-2058.exe
2652	Unicorn-17326.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 2088	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	28
PID 1584 wrote to memory of 2088	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	28
PID 1584 wrote to memory of 2088	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	28
PID 1584 wrote to memory of 2088	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	28
PID 1584 wrote to memory of 2732	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	29
PID 1584 wrote to memory of 2732	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	29
PID 1584 wrote to memory of 2732	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	29
PID 1584 wrote to memory of 2732	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	29
PID 2088 wrote to memory of 1728	2088	Unicorn-16884.exe	30
PID 2088 wrote to memory of 1728	2088	Unicorn-16884.exe	30
PID 2088 wrote to memory of 1728	2088	Unicorn-16884.exe	30
PID 2088 wrote to memory of 1728	2088	Unicorn-16884.exe	30
PID 1584 wrote to memory of 2884	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	31
PID 1584 wrote to memory of 2884	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	31
PID 1584 wrote to memory of 2884	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	31
PID 1584 wrote to memory of 2884	1584	ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe	31
PID 2088 wrote to memory of 2844	2088	Unicorn-16884.exe	32
PID 2088 wrote to memory of 2844	2088	Unicorn-16884.exe	32
PID 2088 wrote to memory of 2844	2088	Unicorn-16884.exe	32
PID 2088 wrote to memory of 2844	2088	Unicorn-16884.exe	32
PID 2732 wrote to memory of 2616	2732	Unicorn-55786.exe	34
PID 2732 wrote to memory of 2616	2732	Unicorn-55786.exe	34
PID 2732 wrote to memory of 2616	2732	Unicorn-55786.exe	34
PID 2732 wrote to memory of 2616	2732	Unicorn-55786.exe	34
PID 1728 wrote to memory of 3016	1728	Unicorn-10114.exe	33
PID 1728 wrote to memory of 3016	1728	Unicorn-10114.exe	33
PID 1728 wrote to memory of 3016	1728	Unicorn-10114.exe	33
PID 1728 wrote to memory of 3016	1728	Unicorn-10114.exe	33
PID 2088 wrote to memory of 1956	2088	Unicorn-16884.exe	35
PID 2088 wrote to memory of 1956	2088	Unicorn-16884.exe	35
PID 2088 wrote to memory of 1956	2088	Unicorn-16884.exe	35
PID 2088 wrote to memory of 1956	2088	Unicorn-16884.exe	35
PID 2844 wrote to memory of 2436	2844	Unicorn-17566.exe	36
PID 2844 wrote to memory of 2436	2844	Unicorn-17566.exe	36
PID 2844 wrote to memory of 2436	2844	Unicorn-17566.exe	36
PID 2844 wrote to memory of 2436	2844	Unicorn-17566.exe	36
PID 2616 wrote to memory of 2700	2616	Unicorn-37432.exe	37
PID 2616 wrote to memory of 2700	2616	Unicorn-37432.exe	37
PID 2616 wrote to memory of 2700	2616	Unicorn-37432.exe	37
PID 2616 wrote to memory of 2700	2616	Unicorn-37432.exe	37
PID 3016 wrote to memory of 2804	3016	Unicorn-37432.exe	38
PID 3016 wrote to memory of 2804	3016	Unicorn-37432.exe	38
PID 3016 wrote to memory of 2804	3016	Unicorn-37432.exe	38
PID 3016 wrote to memory of 2804	3016	Unicorn-37432.exe	38
PID 2732 wrote to memory of 2816	2732	Unicorn-55786.exe	39
PID 2732 wrote to memory of 2816	2732	Unicorn-55786.exe	39
PID 2732 wrote to memory of 2816	2732	Unicorn-55786.exe	39
PID 2732 wrote to memory of 2816	2732	Unicorn-55786.exe	39
PID 1728 wrote to memory of 1532	1728	Unicorn-10114.exe	40
PID 1728 wrote to memory of 1532	1728	Unicorn-10114.exe	40
PID 1728 wrote to memory of 1532	1728	Unicorn-10114.exe	40
PID 1728 wrote to memory of 1532	1728	Unicorn-10114.exe	40
PID 2732 wrote to memory of 2176	2732	Unicorn-55786.exe	41
PID 2732 wrote to memory of 2176	2732	Unicorn-55786.exe	41
PID 2732 wrote to memory of 2176	2732	Unicorn-55786.exe	41
PID 2732 wrote to memory of 2176	2732	Unicorn-55786.exe	41
PID 1728 wrote to memory of 2328	1728	Unicorn-10114.exe	42
PID 1728 wrote to memory of 2328	1728	Unicorn-10114.exe	42
PID 1728 wrote to memory of 2328	1728	Unicorn-10114.exe	42
PID 1728 wrote to memory of 2328	1728	Unicorn-10114.exe	42
PID 2844 wrote to memory of 2412	2844	Unicorn-17566.exe	43
PID 2844 wrote to memory of 2412	2844	Unicorn-17566.exe	43
PID 2844 wrote to memory of 2412	2844	Unicorn-17566.exe	43
PID 2844 wrote to memory of 2412	2844	Unicorn-17566.exe	43

C:\Users\Admin\AppData\Local\Temp\ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe
"C:\Users\Admin\AppData\Local\Temp\ac5a28d98a475eda160cbf9b07d23439bdd339ee44283002ee0819063a66aab7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31098.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51202.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39324.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        11⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        12⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
        13⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
        14⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        15⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 204
        15⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 204
        14⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        13⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        12⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
        12⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        13⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        14⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 220
        14⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        13⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        12⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        11⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        10⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        11⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        12⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
        13⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        14⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
        14⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 220
        13⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        12⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        11⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        10⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58662.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22670.exe
        11⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        12⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        13⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31969.exe
        14⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 220
        14⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 220
        13⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        10⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38157.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
        12⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        13⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
        13⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        11⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        9⤵
        Program crash
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        10⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        12⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        13⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 220
        13⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 220
        12⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        11⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
        9⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        8⤵
        Program crash
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12493.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2681.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        10⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
        11⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        12⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
        13⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 220
        13⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        12⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        11⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1737.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        11⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2383.exe
        12⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 220
        12⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        8⤵
        Program crash
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        7⤵
        Program crash
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49832.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        10⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        11⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 208
        12⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        10⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        9⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        11⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        12⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        13⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        12⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
        11⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
        9⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        8⤵
        Program crash
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3378.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        11⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        12⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        13⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 236
        13⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
        12⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40601.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16013.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        11⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        12⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37676.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22523.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        10⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3830.exe
        11⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        12⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        11⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
        10⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        8⤵
        Program crash
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        7⤵
        Program crash
        
        PID:1304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        6⤵
        Program crash
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        10⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        11⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
        12⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        13⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
        14⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 220
        13⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        11⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23919.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        11⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        12⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        13⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        12⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        9⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
        12⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        13⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 236
        13⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23299.exe
        11⤵
        
        PID:11348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11348 -s 216
        12⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14704.exe
        11⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16902.exe
        12⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        13⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
        13⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        12⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50579.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        11⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        11⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        10⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22959.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        11⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36148.exe
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        12⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        11⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 236
        10⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        10⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        11⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 240
        9⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        7⤵
        Program crash
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55150.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
        10⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62776.exe
        11⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        12⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9268 -s 220
        12⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 220
        11⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15943.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        11⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        12⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        10⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        9⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        Program crash
        
        PID:3264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 220
        6⤵
        Program crash
        
        PID:604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55238.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        11⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
        12⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        13⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 236
        12⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        11⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 236
        12⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        11⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        8⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
        10⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30775.exe
        11⤵
        
        PID:11784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32736.exe
        12⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        11⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:2540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        6⤵
        Program crash
        
        PID:2252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        5⤵
        Program crash
        
        PID:380
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11537.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        10⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        11⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43703.exe
        12⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        13⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        14⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        13⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        12⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        11⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        12⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
        13⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        12⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20146.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        12⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
        13⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 220
        12⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        10⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        9⤵
        Program crash
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61734.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        11⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        12⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37172.exe
        13⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 236
        13⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
        12⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        11⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        10⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2326.exe
        11⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        12⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        10⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        9⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        8⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
        11⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
        12⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        13⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        13⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        11⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45113.exe
        12⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        11⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 220
        10⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53354.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        10⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        11⤵
        
        PID:11808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        12⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        11⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        8⤵
        Program crash
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        7⤵
        Program crash
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25638.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23694.exe
        11⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19006.exe
        13⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        12⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
        11⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        10⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        11⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        12⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 220
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11414.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        11⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        12⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11460 -s 216
        12⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        8⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8853.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        10⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11885.exe
        11⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
        12⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 220
        11⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        8⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        7⤵
        Program crash
        
        PID:3240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        6⤵
        Program crash
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        8⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        12⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 236
        13⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        12⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        11⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        12⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
        12⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 236
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
        9⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15647.exe
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        11⤵
        
        PID:11932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11932 -s 216
        12⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 220
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        10⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        9⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        8⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22383.exe
        11⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        12⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 236
        12⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        11⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50846.exe
        10⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        11⤵
        
        PID:720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
        11⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        10⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        7⤵
        Program crash
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        12⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        11⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        10⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23457.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        9⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        10⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 236
        11⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
        10⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        8⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
        7⤵
        
        PID:4696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        6⤵
        Program crash
        
        PID:2092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        5⤵
        Program crash
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59822.exe
        11⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        12⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        13⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
        13⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        12⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        11⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10100.exe
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
        12⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 220
        11⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
        10⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 212
        11⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        8⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        7⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14080.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        10⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62200.exe
        11⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15102.exe
        12⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
        12⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 220
        11⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47508.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27539.exe
        11⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        11⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        10⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 220
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        7⤵
        Program crash
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15027.exe
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        11⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40139.exe
        12⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 220
        12⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        11⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        8⤵
        Program crash
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        10⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11019.exe
        11⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 236
        11⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 204
        10⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        9⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        7⤵
        Program crash
        
        PID:3412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        6⤵
        Program crash
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        8⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37169.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
        11⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
        12⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 220
        12⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 220
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50552.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62666.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35719.exe
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 220
        11⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 220
        10⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59560.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        10⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        11⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 220
        11⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        10⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        8⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        7⤵
        Program crash
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        6⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4112.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24234.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32201.exe
        10⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        11⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        11⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        10⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
        7⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 220
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
        7⤵
        
        PID:5420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:1732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        5⤵
        Program crash
        
        PID:1124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        11⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        12⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
        13⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        13⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        12⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9439.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45239.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        11⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 236
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56150.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        10⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
        11⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
        11⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
        10⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        7⤵
        Program crash
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
        7⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16063.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10920.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        11⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
        12⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63915.exe
        13⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
        13⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
        12⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        10⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
        9⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        8⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33161.exe
        10⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47262.exe
        11⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 204
        10⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        9⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
        7⤵
        Program crash
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
        6⤵
        Program crash
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        6⤵
        Program crash
        
        PID:284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        5⤵
        Program crash
        
        PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
        11⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        12⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 236
        12⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        11⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1084.exe
        9⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
        10⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        11⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        10⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        9⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26024.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        10⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
        11⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        10⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        8⤵
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11106.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        9⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        10⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 236
        11⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        10⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        9⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        7⤵
        
        PID:4172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        6⤵
        Program crash
        
        PID:2508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        5⤵
        Program crash
        
        PID:540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        10⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        11⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 220
        12⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 236
        11⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        11⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        12⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 220
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8076.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        11⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 236
        12⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        11⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 220
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63716.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 208
        11⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        8⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 188
        7⤵
        Program crash
        
        PID:1904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
        6⤵
        Program crash
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48050.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
        10⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27898.exe
        11⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        12⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        12⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 236
        11⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        9⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        10⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24514.exe
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        10⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 220
        9⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
        8⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        10⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        11⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        10⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        9⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        8⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61926.exe
        6⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40819.exe
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        10⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        11⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 236
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        10⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
        9⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        8⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        7⤵
        
        PID:4528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        6⤵
        Program crash
        
        PID:3232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        5⤵
        Program crash
        
        PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56774.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        9⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        10⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        11⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 236
        11⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 236
        10⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        9⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
        8⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        9⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        10⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
        9⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        8⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        7⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
        6⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56496.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        9⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        10⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 220
        10⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        9⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        8⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        7⤵
        
        PID:5792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
        6⤵
        
        PID:4360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        5⤵
        Program crash
        
        PID:2636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
      4⤵
      Program crash
      PID:1444
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
  2⤵
  - Program crash
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe

Filesize
184KB

MD5
714c54e150e3b7bdf49ab096b06905ef

SHA1
bcddbde4f4ca581290a2de70726da6ee7a596c13

SHA256
93c4324b4246fd004cc75b7bd213cbd6c7ac2bdcf2101f9de37c63c678a9bd32

SHA512
8d4c2ed185ea930d11761408864918374a31217d6d6f527ae95767da3e2500e9e736e8a1eecda3f44894a35594d45a387ca351850c6907fe29182f294d905e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe

Filesize
184KB

MD5
d761d85bac48b6c778ef029150700d6a

SHA1
55315606a8b8ec223c616efd74ca0fd77b4cd788

SHA256
058e3db7cf4a958bbd828640237dd0830662ff2a59cab9edbeff1abd947bf07f

SHA512
171c93e526c7ba275a4e2f26cf8c45416f00094d2026a861145d5c28e71a2e02e7f3860cc1ff11f9294d27e57066069eb484a8fab04f75940e87d232290aa61a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe

Filesize
184KB

MD5
f195f881299463f89b91fc76e1d5a2e3

SHA1
5829d665ff699d432843e76c30f50deb66d0c6bc

SHA256
ea2201727dd5366d70485b7e52c86fe826e160108849808accc3e7d0537c76fd

SHA512
6b4914279ab064f9c4fe25d5620ff5110a55e296405430123623ea5cff237447a1a8f20c31e471f356013bc44c5a5289e10f631ead94a0816700e9f1c64407e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe

Filesize
184KB

MD5
fbb7529437287c2aa823b03920339302

SHA1
59dae42797c5a880e33d33cee14b004b2a8bb393

SHA256
3b50d0612d8cc2d5d10b7255dc659a41713959ffd8bc60a686f5d3405aa8ae21

SHA512
d861a944c1ca8f512a62bccf8e9c0100b16ef23aba31df6a404e49275ade5b761326f6d0a0ce25a5df480d94aedfd20ea3d6a700814f133994f931db0718e069

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe

Filesize
184KB

MD5
64762b03a2bc34309232ae46f26980ae

SHA1
8b5f62500db88853948c35991673e51cb0125720

SHA256
a42dce777787eecf861d6a692d44c92ee6515b2d330f853db9003f54f208b7bf

SHA512
4760b2271e24942c5e86b08af91812b241929b7a15f04e651e283721a0e208cdc9da2d65f98d402ddbc7de5c3f89c482ef7dc3678f79003c12eeb4d2cc507c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe

Filesize
184KB

MD5
2294d4778f0f912a30d847c0ee7a0cfc

SHA1
8e4cd4eb8248a10066f97e0b5629fbff62caa686

SHA256
5937e0c06ff3fd59b33998114c15106380521a4821ac2ba0bb479a8d37e6575e

SHA512
4980c51c8a06624130030627b75ebaa687436c22e41404f1290410c0b98a6408de6ef9426a2f858db9597afeb0b3738ac07bfe5a73f696f18bfe7281cab2bff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe

Filesize
184KB

MD5
486077b5f29e7a2b999af1e6260eb490

SHA1
92f8ab37a986a1e594a5b651d398f3abcfec10df

SHA256
ced1ede3c8df56052e33f2c89c3ca38428256d0a3d89f836555ddc78b5660935

SHA512
0c7d3fc2069fc58fb06723f5e45a4a1440702ce63358bd7e956b865b32a318805add4d783d1c10cf8ba2747d89756e718e608fb1a08b290b4a58791feb976f81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe

Filesize
184KB

MD5
64d262dcc4d1dd6999e8c0236c75e9d2

SHA1
dfe6c060dbdd8623781ce96b1839bc047c42d98e

SHA256
67f49db6cdf790f8264651c15364ac3ab1d1e68090d36b49decc3455c2a1182d

SHA512
ddd202924b9332ba6b90b878d68e276b10c48ab56d3553dcd339f753bdbf42cdd833f13bdf36aea50763684316e42ad7a5f53c6ea275eb90c966c2fa81279d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe

Filesize
184KB

MD5
26d41db9602aa10e0759c6565333b583

SHA1
8c6b4debe21cfe43d973dbc09bc417e4825909d9

SHA256
ac5c26d16e7dce3fe51a1ec5b0dc36a027272bf12e30afa31593a0d77c15b019

SHA512
2b8f91e848b99f6fdaa2ba73a63e9d54ef34b57972aff7cfb097ddbad82686dd98e26fe2bc582bb7240042b4a0e999e60d2bbc5012d0b8122823aef6448ce163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe

Filesize
184KB

MD5
5612c9df893945540192c20a68718a2d

SHA1
75aa3ccc983fc0319975ee578ef796a4b24a4747

SHA256
df05f3e2e294998b3755d3b30b45fe078d84e4e958520718028981ef5e345951

SHA512
c5b2e28c8f902c4103cddb521e0882db798394d5cb297ac870972a9634f842bd4d30a715d573f88945a0afa5313bcfd5ec308b51b8ccd4b5d1b3fa4a7f9f6595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe

Filesize
184KB

MD5
4cfc40ddc3f9e7dd83a5de368cce7932

SHA1
bd06e727af975d78f45c418a153e4b8fb7915502

SHA256
b32fb9c13fba194fdb594f4c83ed1b54178169c561efe0f93b20e7a11bf57e58

SHA512
ea4471197b5f29e6808e7f2f46fb9d4dac0f3e11878c4bc7cd7100f9f7639f5892c87fe6e4bb4949eb3003047aed0ec0a87f81b7e58f033f92076c3d153d70e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe

Filesize
184KB

MD5
a526e73d59e226fff7a99f0bfadd147d

SHA1
94f2ad189774e03b193dae359baed376a0b71b4f

SHA256
385150d976e9145fdc94e1d1d37f41522c669a302732fb5f3eadaa193db2c5ee

SHA512
f6f328526963b866ebc9de4ea934d871b2c1779028b6c29bef6feb22301a9a10d2e175ebccc730566a09d25290ad345b81388c23d2f3d4afb76d7e59256d1e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe

Filesize
184KB

MD5
66ac5d461eb0d495f60a84c3a9d996ef

SHA1
46b418795d0f0354f45bb3de17e13cdeea9fff96

SHA256
bdc5b0b425e043da606d954ca77857f24eaaad0d7828565597bf913554c9d44d

SHA512
68cd0df6561f23454bbad94fb9565cabc89aafa12dbd9676fe9e289bf722c560627428c387e055521e8d32096de30461f60a57c845f305111f73a07ad5e9a34e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe

Filesize
184KB

MD5
2450f8b64f912af1cb00fcf1fbc3a7a1

SHA1
b60f5cf09991938ef5c9fe43a6fd7530eae617b3

SHA256
b46b80c80b2a511cb52c762aea48450adff936f1ad4a2f603ce586adeb943836

SHA512
4a98dc00d6878dc8eea91a301640749af9291ef415379cba37fd8b0aa12bfedbce20f3248c0b303cae5b023d9f220dc275d292979a79fc22a4e0f56403b905de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe

Filesize
184KB

MD5
f38133c543b958f797c6ca35963470e7

SHA1
927d2dbcafb3c8a27bd99d73f35af689d6faf391

SHA256
37e1f79d3dcf9286af025aad06f0688ce24ce4b241444f60c85586afabcf6a47

SHA512
b40f4411352ad191e7e75eeedfc12d7e8c2690269f2762ddf0b4269eaf7582f6ed4cc89a52a08d1b39ccba312b2382ba1ea0199997cf62a54b8a2be53f65d646

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14422.exe

Filesize
184KB

MD5
3d16048e34b4d8dca508e27f073987d5

SHA1
2a314bd25d47a88892ec819a5f2f26c31e22be33

SHA256
79397575d106fe335bc2d546f91c2fdaa34555085879711fac3d0289503a6802

SHA512
47e9aff2d7a29d968251691085f3459c87adf451cb04037c42eff209ed7ff33640ad68fdc34c56a36b11649c00529b59bc15d0101808a018c8d3e5dd38c699ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe

Filesize
184KB

MD5
7756d3224d5390d65fcabfdd22cc0675

SHA1
fb53ff4be80fc03bed6b2b35a7a0334d4470b917

SHA256
ab3cacfc8cbcc7f609874c2f856c0fec45e29e79ec11cc585e49b9d4c8e4b796

SHA512
31bdc91cbbabffbd1146232157d88009dd5eef5217d8ed4c71971a1778d730e9a3bf69a8a4f98b8a43b187240e9b2c9e1c1961fcd9cae342192df0547162f8ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe

Filesize
184KB

MD5
24c7c13cd0c6a568b105453e4f4124c4

SHA1
c6206e25cec479ef6f29b636118a8513cf19460a

SHA256
1de73cb669ba81e615018afcf160902de3a0961a1327b070930f1456ad9b04fa

SHA512
5a8fda94c59537df413f1dbfcd2b67d6d0e7c84dd0ef2a9949e05aae62d67dc2ce868494b3dfaa842cb86a2729c05fa227cf4bcb2e257d92eeadf701dca581c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46410.exe

Filesize
184KB

MD5
7d80990acca099b239126f5add58be6e

SHA1
bd46c2905472ab2ebe5ee38e2b013dab2cd34912

SHA256
95fae496f65d747f966b5e0887a003a117584657df2c5441e9d71b459595fe55

SHA512
02395a2d8c5196a1fb41ad9529cbfd1f1103bec88724f1f2e371b9f105016de5235f5076eb0a7a4cd4732330f3fa50f7d5b74c22f587674efb52c188e7a077b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe

Filesize
184KB

MD5
58c320585aab63f59e1e9409642cef64

SHA1
ed2a3a6846b123bf63caf98fdf4704857f17e926

SHA256
05a21e264e061606e92b954a5eda622cf0c090d89354b655e317ec7e4a49941b

SHA512
192176d5d8ac2326e6b392b14723a933e4f5ef01b38cd2f76d3ca0354d6b6ba18389ee15a0d4315518f1a86f483b67c718744d08d6259ec25c8741d25fe1e1f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe

Filesize
184KB

MD5
45a5c6886a1c04e839386f2ca43686ef

SHA1
42acb4877f16a7b709d2bea6ba34125278eb40db

SHA256
ec97ca11817773c827d42c3832ecf41d48435b0ebe1a7c7968d12de3b8446b0d

SHA512
aa9c1f2a1b9a4b025e8ff96b9939810e3db12db4e9e68e5c7ca767600151ac79240ee82df7544bda6b6e375d7142b53ce0e3791504a209f301259a105fecc831

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads