b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
Size

184KB
MD5

95c74eee9e0e8c38273128158ed004f4
SHA1

83dd3b56247b5dfc783cb6c86252a2784b7caeef
SHA256

b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f
SHA512

365eb409fb270fcbe0914d25d4807cfee8a51ff407b7ea8820da1a8094963b047ac435bee742dd9d044ed7780f788f7f5aef919752e879cb41ac74f7bedc2290
SSDEEP

3072:rw2JPgol+DCYdwv9eKTwplqStgjYlIci3HrqOO5/xUs2hlgVOFwn/:rwfoNEwvzw7qStgXLa2hlgVOFw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1736	Unicorn-55586.exe
2924	Unicorn-8829.exe
2992	Unicorn-28695.exe
2544	Unicorn-13103.exe
2548	Unicorn-45776.exe
2392	Unicorn-42246.exe
1256	Unicorn-35413.exe
1356	Unicorn-15547.exe
1744	Unicorn-2356.exe
320	Unicorn-64364.exe
2024	Unicorn-317.exe
2696	Unicorn-62325.exe
2712	Unicorn-45797.exe
1920	Unicorn-16270.exe
2076	Unicorn-65470.exe
268	Unicorn-26061.exe
1772	Unicorn-51962.exe
992	Unicorn-38771.exe
1204	Unicorn-5714.exe
2368	Unicorn-38387.exe
1468	Unicorn-34857.exe
948	Unicorn-13711.exe
276	Unicorn-58314.exe
1864	Unicorn-53260.exe
900	Unicorn-36540.exe
2288	Unicorn-62668.exe
1528	Unicorn-19362.exe
1508	Unicorn-39228.exe
2316	Unicorn-2964.exe
2480	Unicorn-5979.exe
2608	Unicorn-32107.exe
2540	Unicorn-48444.exe
2396	Unicorn-51973.exe
2424	Unicorn-51973.exe
2496	Unicorn-26465.exe
2552	Unicorn-6599.exe
1564	Unicorn-49537.exe
2624	Unicorn-49537.exe
1276	Unicorn-63413.exe
1752	Unicorn-32817.exe
2160	Unicorn-1021.exe
2148	Unicorn-46693.exe
1560	Unicorn-17166.exe
2016	Unicorn-12567.exe
1184	Unicorn-48577.exe
1652	Unicorn-13252.exe
2964	Unicorn-32926.exe
1616	Unicorn-16590.exe
1904	Unicorn-16590.exe
700	Unicorn-45733.exe
1416	Unicorn-49262.exe
644	Unicorn-29396.exe
812	Unicorn-24042.exe
1292	Unicorn-20512.exe
744	Unicorn-52858.exe
1880	Unicorn-6802.exe
1648	Unicorn-6802.exe
2208	Unicorn-35945.exe
2572	Unicorn-35945.exe
1908	Unicorn-6610.exe
2588	Unicorn-35753.exe
2340	Unicorn-55619.exe
2576	Unicorn-39091.exe
2400	Unicorn-22563.exe

Loads dropped DLL 64 IoCs

pid	Process
1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
1736	Unicorn-55586.exe
1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
1736	Unicorn-55586.exe
2924	Unicorn-8829.exe
2924	Unicorn-8829.exe
2992	Unicorn-28695.exe
2992	Unicorn-28695.exe
1736	Unicorn-55586.exe
1736	Unicorn-55586.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2544	Unicorn-13103.exe
2544	Unicorn-13103.exe
2924	Unicorn-8829.exe
2924	Unicorn-8829.exe
2392	Unicorn-42246.exe
2392	Unicorn-42246.exe
2992	Unicorn-28695.exe
2992	Unicorn-28695.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
1256	Unicorn-35413.exe
2548	Unicorn-45776.exe
1256	Unicorn-35413.exe
2548	Unicorn-45776.exe
2544	Unicorn-13103.exe
2544	Unicorn-13103.exe
1356	Unicorn-15547.exe
1744	Unicorn-2356.exe
1744	Unicorn-2356.exe
1356	Unicorn-15547.exe
2392	Unicorn-42246.exe
2392	Unicorn-42246.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
576	WerFault.exe
576	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
2632	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2776	1948	WerFault.exe	27
2864	1736	WerFault.exe	28
2320	2924	WerFault.exe	30
2064	2992	WerFault.exe	29
572	2544	WerFault.exe	32
576	2392	WerFault.exe	34
2632	2548	WerFault.exe	33
2356	2024	WerFault.exe	42
1544	2076	WerFault.exe	45
2920	1256	WerFault.exe	36
2192	1356	WerFault.exe	37
2988	1744	WerFault.exe	38
2388	2696	WerFault.exe	43
2144	2712	WerFault.exe	44
2124	1920	WerFault.exe	46
2364	268	WerFault.exe	47
296	1772	WerFault.exe	52
916	1204	WerFault.exe	54
2976	1468	WerFault.exe	56
1592	2368	WerFault.exe	55
1896	276	WerFault.exe	59
1428	948	WerFault.exe	58
872	1864	WerFault.exe	62
780	900	WerFault.exe	64
908	2288	WerFault.exe	65
2628	1528	WerFault.exe	67
2436	1508	WerFault.exe	66
2168	2316	WerFault.exe	68
332	2480	WerFault.exe	69
2160	2540	WerFault.exe	71
112	2608	WerFault.exe	70
2280	2424	WerFault.exe	73
2736	2396	WerFault.exe	72
2412	2496	WerFault.exe	75
708	2552	WerFault.exe	76
1748	1564	WerFault.exe	80
3084	1752	WerFault.exe	83
3136	2624	WerFault.exe	81
3180	2148	WerFault.exe	85
3236	1276	WerFault.exe	82
3276	2016	WerFault.exe	87
3332	1652	WerFault.exe	89
3348	1560	WerFault.exe	86
3364	1184	WerFault.exe	88
3424	1616	WerFault.exe	92
3520	644	WerFault.exe	95
3512	700	WerFault.exe	93
3536	1416	WerFault.exe	94
3544	2964	WerFault.exe	90
3552	1904	WerFault.exe	91
4008	812	WerFault.exe	97
4080	1292	WerFault.exe	98
3648	744	WerFault.exe	101
3972	1908	WerFault.exe	109
3756	2588	WerFault.exe	110
3592	2400	WerFault.exe	113
3220	448	WerFault.exe	124
3160	1228	WerFault.exe	120
3464	2156	WerFault.exe	117
4920	1408	WerFault.exe	126
4940	2532	WerFault.exe	132
5008	2128	WerFault.exe	116
5032	560	WerFault.exe	144
5056	1404	WerFault.exe	127

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
1736	Unicorn-55586.exe
2924	Unicorn-8829.exe
2992	Unicorn-28695.exe
2544	Unicorn-13103.exe
2548	Unicorn-45776.exe
2392	Unicorn-42246.exe
1256	Unicorn-35413.exe
1356	Unicorn-15547.exe
1744	Unicorn-2356.exe
320	Unicorn-64364.exe
2024	Unicorn-317.exe
2696	Unicorn-62325.exe
2712	Unicorn-45797.exe
1920	Unicorn-16270.exe
2076	Unicorn-65470.exe
268	Unicorn-26061.exe
1772	Unicorn-51962.exe
992	Unicorn-38771.exe
1204	Unicorn-5714.exe
1468	Unicorn-34857.exe
2368	Unicorn-38387.exe
948	Unicorn-13711.exe
276	Unicorn-58314.exe
1864	Unicorn-53260.exe
900	Unicorn-36540.exe
2288	Unicorn-62668.exe
1508	Unicorn-39228.exe
1528	Unicorn-19362.exe
2316	Unicorn-2964.exe
2480	Unicorn-5979.exe
2608	Unicorn-32107.exe
2540	Unicorn-48444.exe
2396	Unicorn-51973.exe
2424	Unicorn-51973.exe
2496	Unicorn-26465.exe
2552	Unicorn-6599.exe
1564	Unicorn-49537.exe
2624	Unicorn-49537.exe
1276	Unicorn-63413.exe
1752	Unicorn-32817.exe
2148	Unicorn-46693.exe
1560	Unicorn-17166.exe
2016	Unicorn-12567.exe
1184	Unicorn-48577.exe
1652	Unicorn-13252.exe
2964	Unicorn-32926.exe
1616	Unicorn-16590.exe
1904	Unicorn-16590.exe
1416	Unicorn-49262.exe
700	Unicorn-45733.exe
644	Unicorn-29396.exe
812	Unicorn-24042.exe
1292	Unicorn-20512.exe
744	Unicorn-52858.exe
1880	Unicorn-6802.exe
1648	Unicorn-6802.exe
2572	Unicorn-35945.exe
2208	Unicorn-35945.exe
1908	Unicorn-6610.exe
2588	Unicorn-35753.exe
2340	Unicorn-55619.exe
2576	Unicorn-39091.exe
2400	Unicorn-22563.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 1736	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	28
PID 1948 wrote to memory of 1736	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	28
PID 1948 wrote to memory of 1736	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	28
PID 1948 wrote to memory of 1736	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	28
PID 1948 wrote to memory of 2924	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	30
PID 1948 wrote to memory of 2924	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	30
PID 1948 wrote to memory of 2924	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	30
PID 1948 wrote to memory of 2924	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	30
PID 1736 wrote to memory of 2992	1736	Unicorn-55586.exe	29
PID 1736 wrote to memory of 2992	1736	Unicorn-55586.exe	29
PID 1736 wrote to memory of 2992	1736	Unicorn-55586.exe	29
PID 1736 wrote to memory of 2992	1736	Unicorn-55586.exe	29
PID 1948 wrote to memory of 2776	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	31
PID 1948 wrote to memory of 2776	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	31
PID 1948 wrote to memory of 2776	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	31
PID 1948 wrote to memory of 2776	1948	b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe	31
PID 2924 wrote to memory of 2544	2924	Unicorn-8829.exe	32
PID 2924 wrote to memory of 2544	2924	Unicorn-8829.exe	32
PID 2924 wrote to memory of 2544	2924	Unicorn-8829.exe	32
PID 2924 wrote to memory of 2544	2924	Unicorn-8829.exe	32
PID 2992 wrote to memory of 2548	2992	Unicorn-28695.exe	33
PID 2992 wrote to memory of 2548	2992	Unicorn-28695.exe	33
PID 2992 wrote to memory of 2548	2992	Unicorn-28695.exe	33
PID 2992 wrote to memory of 2548	2992	Unicorn-28695.exe	33
PID 1736 wrote to memory of 2392	1736	Unicorn-55586.exe	34
PID 1736 wrote to memory of 2392	1736	Unicorn-55586.exe	34
PID 1736 wrote to memory of 2392	1736	Unicorn-55586.exe	34
PID 1736 wrote to memory of 2392	1736	Unicorn-55586.exe	34
PID 1736 wrote to memory of 2864	1736	Unicorn-55586.exe	35
PID 1736 wrote to memory of 2864	1736	Unicorn-55586.exe	35
PID 1736 wrote to memory of 2864	1736	Unicorn-55586.exe	35
PID 1736 wrote to memory of 2864	1736	Unicorn-55586.exe	35
PID 2544 wrote to memory of 1256	2544	Unicorn-13103.exe	36
PID 2544 wrote to memory of 1256	2544	Unicorn-13103.exe	36
PID 2544 wrote to memory of 1256	2544	Unicorn-13103.exe	36
PID 2544 wrote to memory of 1256	2544	Unicorn-13103.exe	36
PID 2924 wrote to memory of 1356	2924	Unicorn-8829.exe	37
PID 2924 wrote to memory of 1356	2924	Unicorn-8829.exe	37
PID 2924 wrote to memory of 1356	2924	Unicorn-8829.exe	37
PID 2924 wrote to memory of 1356	2924	Unicorn-8829.exe	37
PID 2392 wrote to memory of 1744	2392	Unicorn-42246.exe	38
PID 2392 wrote to memory of 1744	2392	Unicorn-42246.exe	38
PID 2392 wrote to memory of 1744	2392	Unicorn-42246.exe	38
PID 2392 wrote to memory of 1744	2392	Unicorn-42246.exe	38
PID 2992 wrote to memory of 320	2992	Unicorn-28695.exe	39
PID 2992 wrote to memory of 320	2992	Unicorn-28695.exe	39
PID 2992 wrote to memory of 320	2992	Unicorn-28695.exe	39
PID 2992 wrote to memory of 320	2992	Unicorn-28695.exe	39
PID 2924 wrote to memory of 2320	2924	Unicorn-8829.exe	40
PID 2924 wrote to memory of 2320	2924	Unicorn-8829.exe	40
PID 2924 wrote to memory of 2320	2924	Unicorn-8829.exe	40
PID 2924 wrote to memory of 2320	2924	Unicorn-8829.exe	40
PID 2992 wrote to memory of 2064	2992	Unicorn-28695.exe	41
PID 2992 wrote to memory of 2064	2992	Unicorn-28695.exe	41
PID 2992 wrote to memory of 2064	2992	Unicorn-28695.exe	41
PID 2992 wrote to memory of 2064	2992	Unicorn-28695.exe	41
PID 1256 wrote to memory of 2024	1256	Unicorn-35413.exe	42
PID 1256 wrote to memory of 2024	1256	Unicorn-35413.exe	42
PID 1256 wrote to memory of 2024	1256	Unicorn-35413.exe	42
PID 1256 wrote to memory of 2024	1256	Unicorn-35413.exe	42
PID 2548 wrote to memory of 2696	2548	Unicorn-45776.exe	43
PID 2548 wrote to memory of 2696	2548	Unicorn-45776.exe	43
PID 2548 wrote to memory of 2696	2548	Unicorn-45776.exe	43
PID 2548 wrote to memory of 2696	2548	Unicorn-45776.exe	43

C:\Users\Admin\AppData\Local\Temp\b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe
"C:\Users\Admin\AppData\Local\Temp\b961dba29496d5a22897fc64a34be8fe997585f7e8eb05778740dccf3c78b97f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe
        10⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        11⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        12⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44674.exe
        13⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54816.exe
        14⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23116.exe
        15⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        15⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
        14⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 236
        13⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        12⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
        11⤵
        Program crash
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
        10⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        11⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        12⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
        13⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        14⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 220
        14⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        13⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
        12⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        11⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
        10⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
        9⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
        11⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        12⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        13⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
        14⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
        14⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        13⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        11⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-649.exe
        12⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        13⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 236
        13⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        12⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        11⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
        10⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        9⤵
        Program crash
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35753.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        10⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12763.exe
        11⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        12⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        13⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        14⤵
        
        PID:14144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 236
        14⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        11⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
        11⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        12⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
        13⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 216
        13⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        12⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        11⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25079.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2348.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48215.exe
        12⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        13⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        12⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        11⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        10⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        9⤵
        Program crash
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 220
        8⤵
        Program crash
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28244.exe
        11⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        12⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        13⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        13⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        12⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        11⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7064.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10361.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47418.exe
        11⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        12⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        8⤵
        Program crash
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19476.exe
        10⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        11⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26307.exe
        12⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        13⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        13⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        12⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        11⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        11⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        12⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        11⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        10⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
        11⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        12⤵
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        12⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        10⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
        8⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
        11⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        12⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
        10⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        11⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        11⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        10⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 220
        8⤵
        Program crash
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1852.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17959.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63393.exe
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        12⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15828.exe
        11⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        9⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        7⤵
        Program crash
        
        PID:908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        6⤵
        Program crash
        
        PID:2388
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        10⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        11⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        10⤵
        Program crash
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        9⤵
        Program crash
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        9⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        10⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        11⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        12⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        13⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 236
        13⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        10⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        12⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53985.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        11⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 220
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        8⤵
        Program crash
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8396.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-905.exe
        12⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        13⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
        13⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        12⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        11⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42852.exe
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        11⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        11⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        10⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        11⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
        12⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
        9⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        8⤵
        Program crash
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        7⤵
        Program crash
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32107.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        10⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        12⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
        13⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        13⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        12⤵
        
        PID:2896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        11⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        10⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe
        9⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
        11⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        9⤵
        Program crash
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
        9⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        8⤵
        Program crash
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        7⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        12⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53793.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17101.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45834.exe
        11⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
        8⤵
        Program crash
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        7⤵
        Program crash
        
        PID:112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        6⤵
        Program crash
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56133.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        11⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        12⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
        13⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
        13⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        12⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25712.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        11⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50367.exe
        12⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 220
        12⤵
        
        PID:13476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        11⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31861.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        11⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        12⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        9⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        8⤵
        Program crash
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58467.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        11⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        12⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        11⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4291.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64511.exe
        10⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34109.exe
        11⤵
        
        PID:988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
        11⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        9⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 220
        8⤵
        Program crash
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        7⤵
        Program crash
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
        10⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        11⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
        12⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
        13⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
        13⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 220
        12⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31683.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
        10⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe
        11⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        12⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
        12⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 220
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        9⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        11⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        12⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        12⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        11⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        9⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        8⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36964.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61964.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        10⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        11⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        12⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        12⤵
        
        PID:14284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 220
        11⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9234.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        9⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        10⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        11⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
        11⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 220
        10⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        9⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        7⤵
        Program crash
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        6⤵
        Program crash
        
        PID:2976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        5⤵
        Program crash
        
        PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26061.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41069.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47066.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        12⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22521.exe
        13⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
        13⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        11⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14661.exe
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
        12⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        11⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        10⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14563.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21124.exe
        12⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        8⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40019.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        12⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        12⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        9⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8872.exe
        11⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
        11⤵
        
        PID:13336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        10⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        9⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        7⤵
        Program crash
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21646.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 236
        12⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 216
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38032.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28519.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        10⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        10⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
        10⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
        11⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        11⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
        8⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 220
        7⤵
        Program crash
        
        PID:3512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 220
        6⤵
        Program crash
        
        PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18957.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23448.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        12⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 220
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        11⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        10⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48100.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        11⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        11⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        10⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14060.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        10⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        11⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        10⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        9⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
        8⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        7⤵
        Program crash
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        6⤵
        
        PID:1228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 220
        7⤵
        Program crash
        
        PID:3160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        6⤵
        Program crash
        
        PID:2160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 220
        5⤵
        Program crash
        
        PID:2364
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:576
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24042.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        11⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        12⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        13⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
        14⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 220
        14⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        13⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        12⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        11⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        10⤵
        Program crash
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        11⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        12⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        13⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
        13⤵
        
        PID:13752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        12⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        10⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
        9⤵
        Program crash
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        11⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
        13⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        11⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5305.exe
        12⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
        12⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 220
        11⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 220
        9⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        8⤵
        Program crash
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20512.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4270.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe
        12⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
        13⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        13⤵
        
        PID:13696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        12⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35878.exe
        10⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        11⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        12⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
        12⤵
        
        PID:13780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        11⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9127.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        11⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        12⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
        12⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        11⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 220
        8⤵
        Program crash
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        7⤵
        Program crash
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26677.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14691.exe
        11⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        12⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
        12⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        11⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        9⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        9⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        10⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        11⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
        11⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        10⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        9⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        7⤵
        Program crash
        
        PID:708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        6⤵
        Program crash
        
        PID:296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        5⤵
        Program crash
        
        PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        10⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22785.exe
        11⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        12⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
        13⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        12⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        10⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51307.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        12⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 236
        12⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        11⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13177.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        12⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
        10⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42243.exe
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 236
        11⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        8⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        11⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        12⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        10⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15222.exe
        10⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        11⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
        11⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        10⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        7⤵
        Program crash
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2428.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        11⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        12⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64244.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12146.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        10⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44184.exe
        11⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
        11⤵
        
        PID:13452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        10⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1483.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        10⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56338.exe
        11⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
        11⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 220
        10⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        9⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 216
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        7⤵
        Program crash
        
        PID:3180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
        6⤵
        Program crash
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19362.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
        6⤵
        Executes dropped EXE
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        11⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
        12⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        11⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10578.exe
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12182.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        10⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        11⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25463.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27647.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        10⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        11⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
        11⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        10⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
        7⤵
        Program crash
        
        PID:3648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        6⤵
        Program crash
        
        PID:2628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        5⤵
        Program crash
        
        PID:2144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        5⤵
        Program crash
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58314.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        11⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        12⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        12⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        11⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        10⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16925.exe
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
        11⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 220
        10⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        8⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
        7⤵
        Program crash
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        6⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31348.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26691.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        10⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        10⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        8⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
        7⤵
        Program crash
        
        PID:3220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42161.exe
        10⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        11⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
        11⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        10⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
        8⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
        9⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        10⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        10⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        9⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        8⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        8⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
        9⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
        10⤵
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        10⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        9⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        8⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        7⤵
        
        PID:5572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
        6⤵
        Program crash
        
        PID:3520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        5⤵
        Program crash
        
        PID:1896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
      4⤵
      Program crash
      PID:2192
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
  2⤵
  - Program crash
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe

Filesize
184KB

MD5
2ac1b100eea85720066fc44e1dffb279

SHA1
547e99a3f512aec158c9f42d25efd60007b8dc6d

SHA256
045c57661f4dc9aa0bb7657e698179b89294b23b8af978b8d9b01e2e510598f7

SHA512
688bfcfaebcf4da4b032d05dc13c3bfaf306bf225f33b44c370ef9455d6f8f79466e01bdaa153837c4f64efb8e160c1dd338ce89b1e059bc25fd1bc4d7542098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2356.exe

Filesize
184KB

MD5
09e636929e0f98d5a721964bdfb91218

SHA1
902a4204ba885d7ce4675b862769aa777f8f3f48

SHA256
5d97bdd6b268628a9221acb500aeb5dfd13f2bf1ed199755ce6bc26e62079bed

SHA512
fbc5c05b5ee6de20471a4c42869794accff815cc7b9d0c520dcb72b904869bffe5c1da02a131674ded2e91be7ed20344d5bef053aa2b778c13cd0a8aaca4f85a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe

Filesize
184KB

MD5
927b0b984e243a774ffeee0a81ee1cf2

SHA1
85fc1eb099e9f32f53b11527927f058456d1a8e3

SHA256
92fc8e391709f883c0ad81c30a574fe90f776e55b3373f8c6ac7f5bda4276ab8

SHA512
7d6680fbcd946b070bad920e468218a0343b8ecbabc0d6d1f492dff0e4fedc71de90de2a905c9000466c6c2ed1a3575305e17a1887cb5770c2e323c30c46578a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35413.exe

Filesize
184KB

MD5
b47bf4a675b90fa0c71961948554dbe9

SHA1
b56b5a814301286bb76aeecc0a2a81815694c137

SHA256
4210814995f97d2c232dfd8c3ac826b7a458aca0a79c724b29365e0ff1165512

SHA512
a2d55eaa50272010aafb3b4c5cd79678e5ed2e8f0d964b0a7c0f9ca7f3c5ca7b3f03d0d4ca288000eb707bebadff3cdb03020672ed65afbca5ec793326e4315d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe

Filesize
184KB

MD5
6675eb25e69680158e2147035057fdea

SHA1
9be76aa11dac1412112955ef57ec799802d4da95

SHA256
7fae226e6e1452c5b2b1077d946bef82edb74a0a2d16f3a8b7c72332d7f2ebcf

SHA512
d2aac33cbae805bda58b75d524fa2e5556682640ee63d79bbc591431b56f60b6923a155112b08a840faeaae8f718ad03ecb7866259c326453dd32d0443fdc7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40144.exe

Filesize
184KB

MD5
9d9be01459c698c30cef82d2816cc73f

SHA1
786c74f30752ca44f96e24a3c856c84186c77644

SHA256
ad64bbc5b59fc757358b30e2b644fbf54cbce0549bf933b93f44af0e96e70d70

SHA512
cddd14be139761a688eced70358bada7fa1db74d1eea23db6b8e7d54990483efbfd5cff6427a0b8443da5ca2aec210de9f14c7f3a66eeafd26a547357658d6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe

Filesize
184KB

MD5
b09fc4740088e91bdf9cd619fa0be821

SHA1
8af532eb0aec1ce79618f78bd74318e84bdaad6e

SHA256
75b2403a7b0f835fd19b0b42f208a589b50720a4fbfd5510839c58d324e83eea

SHA512
fbc2fde55f8d1a0aab6dc7123328c25c64ca6c09a6b75ddc81b10ba5b5cfe69e3f54f8ac2995d958b76944e7a40da4cc1fd31bae7b865e3911f766ff2588212e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe

Filesize
184KB

MD5
62cb1b271a56b9a230fc0fc661ff1c3d

SHA1
d3145c870a129694a39123347eaaa9dfcbf89710

SHA256
f0d7d380a45ce633a6ce283f0a82901b6d5c406b9eb77f38710a04ed51e76e7a

SHA512
a14c92c67b004b907753c79fd36f48e9ae71a4e22ca3a60da411829a7dcf439dfdaac96ae1a0cb799d0e0d6881a4c5b5569e0f816ee1e14a9254933d4f735f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56928.exe

Filesize
184KB

MD5
9485837b9b7f572d2a1a46fb592eb7ff

SHA1
c4f9be9e1271bec658043c880064d9a790637c6b

SHA256
e3c0c87432e6d3317e9197a5225f87d94af360d87ef5dedbf4e4975fecf7b9ef

SHA512
a5fd6f1b0fd404430b62d36906f997d7f0c53b15cdf8d254059c4c1327791928245124e9a21babc9c175215700a45b928f7d2802bfcf48164f116ed8f125ad44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe

Filesize
184KB

MD5
d4bc9b320746e46c8524e925f5c6676a

SHA1
b6cdb4326e84f6ef6f9218e53989f8223250348c

SHA256
61f8f46a1d9fe3f09a61878ff8bf4fae21da7f7ed1ab5ec2cf95b7acb42c5441

SHA512
3bb894651b14526ed0c738d19474d9bc532a37dc8f4a748cfa0e6d597a5cf88130dbabe4ea172e934979544f87ddeea60227fc633aa791fa7c0e6591f8333c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe

Filesize
184KB

MD5
f55e410b8b9328a3aa3d5b0b072f0a83

SHA1
7bd75a3e978eb36e35dc95dbb66c0a08575a2701

SHA256
3381554c9c1273eaefb6bc2a5db1373f7dbed415e1d8fe4bc39dab86a1c20d97

SHA512
1f6af5c07348dc27dd10b3b913ccd8f9bb8d503bfcafdfe8cf8ecf14319b6280e969afb251c8ea534a0f17f3fb8b4b53aaee2882fbf61ec4e65ccccd4fdc2930

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6019.exe

Filesize
184KB

MD5
508fcab96cc9020eef5f6892c98dfa3f

SHA1
718061c930c99483669203ac42a97d65a29f3062

SHA256
98a4e51237c26f7b6c90e138c36651eea1a43eee32d2115f29c7d5e283b3c71e

SHA512
70e8e3245e53f5a7648c19dd4d4e02f1c48a078a8a268e904b0279bf96f0c150aa7da51ff94e75186dbed1292b805dfa58770aa632c142b34917467f0213dfac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6491.exe

Filesize
184KB

MD5
70d717b843ce07da78c55350bbaa6a67

SHA1
7f85945c5f4755cad2adc0fb8cfebbaf5723bdf9

SHA256
e76fe04b9fde5eb4bb82c09e08505510b9e835ced8c94d4aac3529b389851326

SHA512
0ad06e4f157e18203e8ae99ceef37e64b4e81b2278ba68bce2f633c5106831823f8dd4b9d7cb49088041b6463e4fa2184cbec13d6449a1de20375d29f434d614

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe

Filesize
184KB

MD5
3221c30ed26778a5ab72db2dc0d5263d

SHA1
f0cc10c0c143bf91fa5d6cb5ce43276124b96229

SHA256
72f96d32139a020e6937a49605415a464b9c24bf5718491f5b5a120cb69f5a1e

SHA512
c0374c88c19411800924fc607138ac857067c5386e10d85c453f20ba7f9ac6145e61da238f67e47b73db5df9db4dc4fdb8fb789910ffad9181ceeb024f70891c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe

Filesize
184KB

MD5
dd70a4c2c259b19d14d818cb1249d68f

SHA1
03a586583bf6a78cf7dcd322efab02bff81d2a77

SHA256
a8f9f6e25ae3fe237796f8373870fd3ea6b03619ac59061cb8eaa08e45465c24

SHA512
dd4c9071ea893ae9240d2316a9626f5c75dd45fac3443f637185cee1448d71c5e125e60c8b943fa350910b34866528508d92b5061c82b4f3b112299a8d3253c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe

Filesize
184KB

MD5
97c0dc13dc163cb2cd317cbfe63152d5

SHA1
e34fa0fea15a685e8770faa0f607942f0ff2ad84

SHA256
0a9eb1fb85e9e831135f20d9dfc9200a61022f481b606e15a9b2bb28a845c767

SHA512
a51a8d8eb9863cbd81a3ce3f563181665dc876ac4a3155de1696efc6677a4f6e481a60a7bd68973c98c75b6fe3780f68015534af8fbd9a86ac59e7d8ae7cd4d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe

Filesize
184KB

MD5
1b04503cd09b5017cce818f314f60382

SHA1
a56aa0818d110682d2053528da27382902e7f8a8

SHA256
1cc2b02cb69b951652ef7ff72303f8d371a3c8e674d5f967ce126a6ed4fccd05

SHA512
bd419751faf2893da86c955e50f60998d476958d376e0b5288ad5fbea825d96e7306f57e9286f52c43adaa4ae4df6d64ac4f2f07776545a787bffc7c5c110c48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-317.exe

Filesize
184KB

MD5
528c4290fb90f07939d88230ea7c1de5

SHA1
b9e920ff6f4be5ce5b95b185e4a029b69bd299c8

SHA256
dee15398f005c09197b460f3a8012a06c33f1dcaf757197dbc28e8404d60dac6

SHA512
dd9318bc21a4879a703a16dc5e9b4948aa2226c1be1cfde2eed2b5e8b193decceace720fffbda46536bfe33514a3733e17b533c4a784485039936e8a939db97b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe

Filesize
184KB

MD5
546f052324ca9282f4844f5c9de49601

SHA1
b5714160bc54c83460af10b02b4369b8636506c4

SHA256
64733890148ee1cfe346b89955fbaaa5e3718f792f8fde2911b6ef906a6c1762

SHA512
1e7ee73ba4d9f6b094abe6c4f09ba5345b7d1cb9e11eefeb0d2c5fbb49eb647facb50215b54de39df2e126f85afcf176497e21159ee94e0e223ba48eb31746d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45776.exe

Filesize
184KB

MD5
6f993fe491511362423c2819af92f972

SHA1
46e92281daab1223677dff4d039b2f6244454294

SHA256
ebdb8f5243875503153ec1d33a999c3d15eab0d2229ce2b0d16a18310c3e3e14

SHA512
79a4a2c7e35903d05f6a6d5a654ff8445230097599e08f0bfa50b98249d73c742c8517126bff3b553198d6d203179d21f4b71179df5478dc2fe7e243a3b48734

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe

Filesize
184KB

MD5
98e63353e6c303c53bcd2fdeab56b25e

SHA1
101bc61cee396f74c24140da8bbd6078989a4b7b

SHA256
84a3792cf05bede79fa8a7f0d96bd6aa411fe7fd1c23ac2afbccf8cfd9363da4

SHA512
3cafa1282cd33d26a82e84a13c388750ef759fd58bbd84b2790a759cd6568c6b5a449703981d0ec47148885ab8e0a282a4f06982eb38cd45f3f1dbec24c8d068

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55586.exe

Filesize
184KB

MD5
637c0bb0b67784909691362cbe5677d5

SHA1
176670c6f90ba743065db96ce26886cb0b320769

SHA256
59da87e3b6ad89f2cb84d0a5672ee8c312ede7971962f46aab1ef156621967b1

SHA512
825a6d0a930b70658f03291d343c17922e366e3d765442818b33f3c80893f880530c8e7649aac8055a7b2a8fcc40ebe92cd2f4aa94f12b0531b10e161d8e146d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe

Filesize
184KB

MD5
8f0c9d6a914b9ea391e772312b690476

SHA1
3ffb79a7d497c3d65b1591a40aa0a9c220f46a76

SHA256
38ec48b364ad8bded3b7f761da3f4a5e4774661f73f7904b384b69f1eb402f44

SHA512
e9c85e73a1b772cdf79856fca26c2f1dadbf80f1aab072725359a531c0641302b047f720ec39135f3bf4d346628b99b367e806fae188217d2c4fd19f17570bb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64364.exe

Filesize
184KB

MD5
26685811c746cc6f94d5676f6eb7dd80

SHA1
2eb68b65a0be9fe0ba6c12dcb41427f8294602cd

SHA256
88917238018a5424b2daf5e25e007bfc4408dbacdd62c5cc0fc21c26c759b390

SHA512
8fe9528c5293a104720004cda512337f1c06b5d843063946f67d8a972aa8324e7cfb1018c364c420df34796946ad5004b41727d771dbce97d839357efd86e6ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65470.exe

Filesize
184KB

MD5
0e06e9b04482e51a3bafb54aee4bfb39

SHA1
dbc74b6d3e5311e77b3c5dca0bd5679c10a0c092

SHA256
0ba08d419a580f5194eb09ab0422e5a9da02ea6ffa2dc4816ac617c0ca25a921

SHA512
925aa49e6d15899742cd9ad84f35b9efe58c9caf1520c3090aa8279c73934fee19483ac10bdbe77b567f7927c7c75aa65f37f1255a0ee4aff6a93322ed8b2454

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe

Filesize
184KB

MD5
8abe92f31f40d411f0e6c9501ad9acb8

SHA1
528a071a834d641a31c81a651e1a783c5e4e9abe

SHA256
dde9fce1b6094d79b2a4479d7618b2ff731ae517323ce4cac7ba2a0279f9ae3f

SHA512
39a0ae042e37bbe084064d598215fdf96742a8b3f981b1f89aaef51bbccb8bfe8a76df82501e9fd59b61ca3681b37444bba5b7b2a7c52c37ea8a1633d6376512

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads