9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
Size

184KB
MD5

43c8b6a9713a67b7a928a9c996e0f2a2
SHA1

0a02fda60bd9f4ef316f3309ba2f70491db770c6
SHA256

9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068
SHA512

3671dca4a252a683c8f6a7d2a52433e8344831c07c953d63900f97d3078c0d6f57d4fec1683ae10239a05c019bbe4cd313bd7ffaeb194c830818b9be18f0f862
SSDEEP

3072:hifnYkoliStUdRjYe8qlagjICyYxPBKH+yKO5q3UNlhlnVOFW:hi7ofQRjbogjIhe74hlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1956	Unicorn-65093.exe
2996	Unicorn-4463.exe
1424	Unicorn-50135.exe
2688	Unicorn-49321.exe
2632	Unicorn-34054.exe
2724	Unicorn-29455.exe
2940	Unicorn-46885.exe
2960	Unicorn-38970.exe
1804	Unicorn-58836.exe
2768	Unicorn-47461.exe
1092	Unicorn-27595.exe
1076	Unicorn-466.exe
1640	Unicorn-19818.exe
1892	Unicorn-33715.exe
2316	Unicorn-13849.exe
540	Unicorn-46714.exe
1724	Unicorn-1042.exe
1500	Unicorn-13657.exe
1048	Unicorn-33523.exe
792	Unicorn-62153.exe
1548	Unicorn-10191.exe
1620	Unicorn-5957.exe
2020	Unicorn-39398.exe
1324	Unicorn-19532.exe
896	Unicorn-54665.exe
2968	Unicorn-19340.exe
1236	Unicorn-54473.exe
3052	Unicorn-34607.exe
900	Unicorn-53103.exe
2912	Unicorn-52589.exe
1716	Unicorn-6917.exe
2648	Unicorn-36910.exe
2460	Unicorn-23863.exe
2696	Unicorn-43729.exe
2568	Unicorn-57688.exe
2436	Unicorn-59790.exe
2468	Unicorn-41870.exe
2148	Unicorn-42961.exe
1676	Unicorn-62312.exe
1516	Unicorn-22903.exe
2736	Unicorn-22903.exe
2756	Unicorn-30024.exe
1632	Unicorn-10480.exe
2504	Unicorn-10480.exe
1928	Unicorn-62504.exe
2836	Unicorn-26935.exe
1088	Unicorn-46801.exe
1952	Unicorn-46287.exe
1972	Unicorn-1176.exe
2388	Unicorn-3122.exe
1564	Unicorn-33334.exe
888	Unicorn-53200.exe
820	Unicorn-48602.exe
2984	Unicorn-3698.exe
2208	Unicorn-2162.exe
1612	Unicorn-19193.exe
1268	Unicorn-41773.exe
2712	Unicorn-6796.exe
2044	Unicorn-4144.exe
2472	Unicorn-39277.exe
2552	Unicorn-6666.exe
1904	Unicorn-6988.exe
2944	Unicorn-57066.exe
2828	Unicorn-7564.exe

Loads dropped DLL 64 IoCs

pid	Process
1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
1956	Unicorn-65093.exe
1956	Unicorn-65093.exe
1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
2996	Unicorn-4463.exe
1424	Unicorn-50135.exe
1424	Unicorn-50135.exe
1956	Unicorn-65093.exe
2996	Unicorn-4463.exe
1956	Unicorn-65093.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2688	Unicorn-49321.exe
2688	Unicorn-49321.exe
1424	Unicorn-50135.exe
2724	Unicorn-29455.exe
2724	Unicorn-29455.exe
1424	Unicorn-50135.exe
2996	Unicorn-4463.exe
2996	Unicorn-4463.exe
2632	Unicorn-34054.exe
2632	Unicorn-34054.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2796	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2796	WerFault.exe
2952	WerFault.exe
2940	Unicorn-46885.exe
2940	Unicorn-46885.exe
2960	Unicorn-38970.exe
2960	Unicorn-38970.exe
2632	Unicorn-34054.exe
2632	Unicorn-34054.exe
2768	Unicorn-47461.exe
1092	Unicorn-27595.exe
2768	Unicorn-47461.exe
1092	Unicorn-27595.exe
2688	Unicorn-49321.exe
2688	Unicorn-49321.exe
1804	Unicorn-58836.exe
2724	Unicorn-29455.exe
1804	Unicorn-58836.exe
2724	Unicorn-29455.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
2876	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2584	1368	WerFault.exe	27
2452	1956	WerFault.exe	28
2796	2996	WerFault.exe	29
2952	1424	WerFault.exe	30
2324	2688	WerFault.exe	33
452	2724	WerFault.exe	34
2876	2632	WerFault.exe	32
3004	2940	WerFault.exe	36
2168	2960	WerFault.exe	37
1212	2768	WerFault.exe	40
2156	1092	WerFault.exe	39
3020	1804	WerFault.exe	38
2780	3052	WerFault.exe	61
1876	1076	WerFault.exe	43
1996	2316	WerFault.exe	45
1536	1724	WerFault.exe	46
1828	1640	WerFault.exe	44
1252	1048	WerFault.exe	49
1164	540	WerFault.exe	48
108	1892	WerFault.exe	47
960	1500	WerFault.exe	50
2036	792	WerFault.exe	54
2896	1548	WerFault.exe	55
2580	1620	WerFault.exe	56
1184	896	WerFault.exe	59
2860	2020	WerFault.exe	58
2604	2968	WerFault.exe	60
2700	2912	WerFault.exe	64
2108	1324	WerFault.exe	57
2744	1236	WerFault.exe	62
1476	1716	WerFault.exe	65
1948	900	WerFault.exe	63
1744	2460	WerFault.exe	72
1152	2648	WerFault.exe	71
2368	2696	WerFault.exe	73
3128	2568	WerFault.exe	74
3236	2436	WerFault.exe	75
3260	2468	WerFault.exe	76
3284	2148	WerFault.exe	77
3308	1516	WerFault.exe	80
3340	1952	WerFault.exe	88
3332	1632	WerFault.exe	82
3388	2504	WerFault.exe	83
3380	2836	WerFault.exe	86
3396	2756	WerFault.exe	81
3404	2736	WerFault.exe	79
3432	1088	WerFault.exe	87
3452	1928	WerFault.exe	85
3648	1972	WerFault.exe	90
3744	2388	WerFault.exe	91
3820	4052	WerFault.exe	232
3112	1080	WerFault.exe	113
4092	2984	WerFault.exe	102
3316	2712	WerFault.exe	106
3740	820	WerFault.exe	96
3736	2208	WerFault.exe	103
4072	888	WerFault.exe	95
3080	2808	WerFault.exe	116
3552	1904	WerFault.exe	110
3876	1100	WerFault.exe	120
3108	2832	WerFault.exe	114
4108	1564	WerFault.exe	93
4124	2944	WerFault.exe	111
4196	1612	WerFault.exe	104

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
1956	Unicorn-65093.exe
2996	Unicorn-4463.exe
1424	Unicorn-50135.exe
2632	Unicorn-34054.exe
2688	Unicorn-49321.exe
2724	Unicorn-29455.exe
2940	Unicorn-46885.exe
2960	Unicorn-38970.exe
1804	Unicorn-58836.exe
2768	Unicorn-47461.exe
1092	Unicorn-27595.exe
1076	Unicorn-466.exe
2316	Unicorn-13849.exe
1640	Unicorn-19818.exe
1724	Unicorn-1042.exe
540	Unicorn-46714.exe
1500	Unicorn-13657.exe
1892	Unicorn-33715.exe
1048	Unicorn-33523.exe
792	Unicorn-62153.exe
1548	Unicorn-10191.exe
1620	Unicorn-5957.exe
1324	Unicorn-19532.exe
2020	Unicorn-39398.exe
896	Unicorn-54665.exe
2968	Unicorn-19340.exe
1236	Unicorn-54473.exe
3052	Unicorn-34607.exe
900	Unicorn-53103.exe
2912	Unicorn-52589.exe
1716	Unicorn-6917.exe
2648	Unicorn-36910.exe
2460	Unicorn-23863.exe
2696	Unicorn-43729.exe
2568	Unicorn-57688.exe
2436	Unicorn-59790.exe
2468	Unicorn-41870.exe
2148	Unicorn-42961.exe
1676	Unicorn-62312.exe
1516	Unicorn-22903.exe
2736	Unicorn-22903.exe
2756	Unicorn-30024.exe
1632	Unicorn-10480.exe
2504	Unicorn-10480.exe
1952	Unicorn-46287.exe
1928	Unicorn-62504.exe
1088	Unicorn-46801.exe
2836	Unicorn-26935.exe
1972	Unicorn-1176.exe
2388	Unicorn-3122.exe
1564	Unicorn-33334.exe
888	Unicorn-53200.exe
820	Unicorn-48602.exe
2984	Unicorn-3698.exe
2208	Unicorn-2162.exe
1612	Unicorn-19193.exe
1268	Unicorn-41773.exe
2712	Unicorn-6796.exe
2044	Unicorn-4144.exe
2472	Unicorn-39277.exe
2552	Unicorn-6666.exe
1904	Unicorn-6988.exe
2944	Unicorn-57066.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 1956	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	28
PID 1368 wrote to memory of 1956	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	28
PID 1368 wrote to memory of 1956	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	28
PID 1368 wrote to memory of 1956	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	28
PID 1956 wrote to memory of 2996	1956	Unicorn-65093.exe	29
PID 1956 wrote to memory of 2996	1956	Unicorn-65093.exe	29
PID 1956 wrote to memory of 2996	1956	Unicorn-65093.exe	29
PID 1956 wrote to memory of 2996	1956	Unicorn-65093.exe	29
PID 1368 wrote to memory of 1424	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	30
PID 1368 wrote to memory of 1424	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	30
PID 1368 wrote to memory of 1424	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	30
PID 1368 wrote to memory of 1424	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	30
PID 1368 wrote to memory of 2584	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	31
PID 1368 wrote to memory of 2584	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	31
PID 1368 wrote to memory of 2584	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	31
PID 1368 wrote to memory of 2584	1368	9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe	31
PID 1424 wrote to memory of 2688	1424	Unicorn-50135.exe	33
PID 1424 wrote to memory of 2688	1424	Unicorn-50135.exe	33
PID 1424 wrote to memory of 2688	1424	Unicorn-50135.exe	33
PID 1424 wrote to memory of 2688	1424	Unicorn-50135.exe	33
PID 2996 wrote to memory of 2632	2996	Unicorn-4463.exe	32
PID 2996 wrote to memory of 2632	2996	Unicorn-4463.exe	32
PID 2996 wrote to memory of 2632	2996	Unicorn-4463.exe	32
PID 2996 wrote to memory of 2632	2996	Unicorn-4463.exe	32
PID 1956 wrote to memory of 2724	1956	Unicorn-65093.exe	34
PID 1956 wrote to memory of 2724	1956	Unicorn-65093.exe	34
PID 1956 wrote to memory of 2724	1956	Unicorn-65093.exe	34
PID 1956 wrote to memory of 2724	1956	Unicorn-65093.exe	34
PID 1956 wrote to memory of 2452	1956	Unicorn-65093.exe	35
PID 1956 wrote to memory of 2452	1956	Unicorn-65093.exe	35
PID 1956 wrote to memory of 2452	1956	Unicorn-65093.exe	35
PID 1956 wrote to memory of 2452	1956	Unicorn-65093.exe	35
PID 2688 wrote to memory of 2940	2688	Unicorn-49321.exe	36
PID 2688 wrote to memory of 2940	2688	Unicorn-49321.exe	36
PID 2688 wrote to memory of 2940	2688	Unicorn-49321.exe	36
PID 2688 wrote to memory of 2940	2688	Unicorn-49321.exe	36
PID 2724 wrote to memory of 1804	2724	Unicorn-29455.exe	38
PID 2724 wrote to memory of 1804	2724	Unicorn-29455.exe	38
PID 2724 wrote to memory of 1804	2724	Unicorn-29455.exe	38
PID 2724 wrote to memory of 1804	2724	Unicorn-29455.exe	38
PID 1424 wrote to memory of 2960	1424	Unicorn-50135.exe	37
PID 1424 wrote to memory of 2960	1424	Unicorn-50135.exe	37
PID 1424 wrote to memory of 2960	1424	Unicorn-50135.exe	37
PID 1424 wrote to memory of 2960	1424	Unicorn-50135.exe	37
PID 2996 wrote to memory of 1092	2996	Unicorn-4463.exe	39
PID 2996 wrote to memory of 1092	2996	Unicorn-4463.exe	39
PID 2996 wrote to memory of 1092	2996	Unicorn-4463.exe	39
PID 2996 wrote to memory of 1092	2996	Unicorn-4463.exe	39
PID 2632 wrote to memory of 2768	2632	Unicorn-34054.exe	40
PID 2632 wrote to memory of 2768	2632	Unicorn-34054.exe	40
PID 2632 wrote to memory of 2768	2632	Unicorn-34054.exe	40
PID 2632 wrote to memory of 2768	2632	Unicorn-34054.exe	40
PID 2996 wrote to memory of 2796	2996	Unicorn-4463.exe	41
PID 2996 wrote to memory of 2796	2996	Unicorn-4463.exe	41
PID 2996 wrote to memory of 2796	2996	Unicorn-4463.exe	41
PID 2996 wrote to memory of 2796	2996	Unicorn-4463.exe	41
PID 1424 wrote to memory of 2952	1424	Unicorn-50135.exe	42
PID 1424 wrote to memory of 2952	1424	Unicorn-50135.exe	42
PID 1424 wrote to memory of 2952	1424	Unicorn-50135.exe	42
PID 1424 wrote to memory of 2952	1424	Unicorn-50135.exe	42
PID 2940 wrote to memory of 1076	2940	Unicorn-46885.exe	43
PID 2940 wrote to memory of 1076	2940	Unicorn-46885.exe	43
PID 2940 wrote to memory of 1076	2940	Unicorn-46885.exe	43
PID 2940 wrote to memory of 1076	2940	Unicorn-46885.exe	43

C:\Users\Admin\AppData\Local\Temp\9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe
"C:\Users\Admin\AppData\Local\Temp\9e4986cafe4866d044dfefa0ccda91ea29c5efd6321fc96461170313e194e068.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2162.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33551.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        11⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        12⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        13⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        14⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        15⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 236
        15⤵
        
        PID:13440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 220
        14⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        13⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        12⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        11⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        11⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        12⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        13⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        14⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11344 -s 216
        14⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        13⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        12⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        11⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        10⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43862.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30786.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        11⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
        12⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        13⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        14⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 236
        14⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 220
        13⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        12⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        11⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        10⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        9⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
        11⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
        12⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        13⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        14⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 220
        13⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23587.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        12⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
        13⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
        13⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 204
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        10⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        9⤵
        Program crash
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        8⤵
        Program crash
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49492.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        12⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        13⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        14⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 216
        14⤵
        
        PID:14136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 204
        13⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        12⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
        11⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        12⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        13⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        12⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        9⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54644.exe
        11⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        12⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        13⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
        13⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 204
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        9⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        7⤵
        Program crash
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
        13⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 220
        13⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        12⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        9⤵
        Program crash
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63484.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6434.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        12⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        13⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
        13⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        9⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        Program crash
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        11⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        12⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
        10⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49676.exe
        11⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 236
        12⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 204
        11⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 220
        7⤵
        Program crash
        
        PID:2108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        6⤵
        Program crash
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
        10⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        12⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
        13⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38478.exe
        14⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
        14⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        13⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        11⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        11⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        12⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        13⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 220
        13⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        11⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        10⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        9⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32872.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
        10⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 240
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 200
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        8⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56047.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52076.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64509.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
        12⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        13⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 236
        13⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        12⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        10⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        11⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        12⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
        12⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        9⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
        10⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 200
        11⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        10⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        7⤵
        Program crash
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44709.exe
        9⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 188
        10⤵
        Program crash
        
        PID:3820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7795.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
        11⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        12⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        11⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
        12⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 220
        11⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        Program crash
        
        PID:3404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        6⤵
        Program crash
        
        PID:1996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18084.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44517.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        11⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        12⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        13⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
        14⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 236
        14⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 220
        13⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        12⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33513.exe
        11⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        12⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
        13⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        13⤵
        
        PID:13580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
        12⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 236
        11⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 220
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31554.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        12⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        13⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        12⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 236
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        8⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61881.exe
        11⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        12⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 220
        13⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
        12⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61740.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55455.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        11⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        12⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12028 -s 216
        12⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        10⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
        8⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        7⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12741.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61905.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        12⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        13⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 216
        13⤵
        
        PID:13404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        12⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        11⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        12⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
        12⤵
        
        PID:13972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 220
        11⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        10⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        8⤵
        Program crash
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
        7⤵
        Program crash
        
        PID:3340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        6⤵
        Program crash
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        7⤵
        Executes dropped EXE
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        12⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        13⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
        13⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 220
        12⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        11⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23866.exe
        10⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        11⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55166.exe
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        12⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        11⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        7⤵
        Program crash
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20371.exe
        6⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        10⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        11⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        11⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        10⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        9⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        8⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        7⤵
        Program crash
        
        PID:3112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        6⤵
        Program crash
        
        PID:2700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        5⤵
        Program crash
        
        PID:2156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13764.exe
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59577.exe
        12⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42091.exe
        13⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51155.exe
        14⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
        14⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        13⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        11⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        11⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        12⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
        13⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
        13⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 220
        12⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        10⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        9⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        8⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28969.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43941.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        10⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42883.exe
        12⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        13⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 216
        13⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57212.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        10⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        11⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        7⤵
        Program crash
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40045.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
        8⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25701.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20074.exe
        12⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        13⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
        13⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        12⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        10⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        11⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 220
        12⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 220
        11⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        7⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        7⤵
        Program crash
        
        PID:3380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        6⤵
        Program crash
        
        PID:1252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        6⤵
        Program crash
        
        PID:2780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        5⤵
        Program crash
        
        PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:1476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        5⤵
        Program crash
        
        PID:960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2452
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3122.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
        10⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        11⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        12⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42826.exe
        13⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41010.exe
        14⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        15⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        15⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 204
        14⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
        13⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        12⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        10⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
        11⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        12⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13500.exe
        13⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        14⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 236
        14⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        13⤵
        
        PID:1420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        12⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        11⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        11⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        12⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
        13⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        14⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
        14⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 204
        13⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 220
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        11⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        10⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        9⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38843.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        12⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 236
        13⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
        11⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        10⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57690.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
        11⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
        12⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        12⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        9⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        8⤵
        Program crash
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64850.exe
        11⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        12⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
        13⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        10⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        11⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10205.exe
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 236
        12⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        11⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        Program crash
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        7⤵
        Program crash
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30909.exe
        11⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        12⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        13⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
        14⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
        14⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 220
        13⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        12⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39996.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        12⤵
        
        PID:12508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        13⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        10⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64183.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
        11⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9144.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        13⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 236
        13⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 236
        12⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        8⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35075.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        11⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5156.exe
        12⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        12⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 236
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        7⤵
        Program crash
        
        PID:1744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
        6⤵
        Program crash
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        8⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        10⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23234.exe
        11⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        12⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
        12⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
        10⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        8⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35631.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        10⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        11⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43660.exe
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        12⤵
        
        PID:14164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        11⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        9⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        7⤵
        Program crash
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        7⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1516.exe
        10⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37352.exe
        11⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 220
        11⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        10⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        9⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
        7⤵
        Program crash
        
        PID:3740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        6⤵
        Program crash
        
        PID:2896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        5⤵
        Program crash
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        11⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
        12⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
        12⤵
        
        PID:14316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 204
        11⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        9⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61714.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
        9⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
        10⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        11⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 236
        11⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        10⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
        9⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        8⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63955.exe
        6⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36943.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53410.exe
        9⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        10⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
        10⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        9⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        8⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 216
        7⤵
        
        PID:5840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        6⤵
        Program crash
        
        PID:3128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        5⤵
        Program crash
        
        PID:1164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
        11⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        12⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        13⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
        13⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 204
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        9⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57780.exe
        10⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
        11⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
        11⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        10⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 220
        9⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36975.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        10⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5458.exe
        11⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        11⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        10⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        9⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        8⤵
        
        PID:6052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35804.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7579.exe
        10⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49553.exe
        11⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
        12⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
        12⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        11⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        9⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        10⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        11⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
        11⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        9⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        8⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        7⤵
        
        PID:4828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        6⤵
        Program crash
        
        PID:1184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        10⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        11⤵
        
        PID:12544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        12⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12544 -s 216
        12⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        11⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        10⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24843.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35299.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30929.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        10⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56536.exe
        11⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        10⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        9⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
        8⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 220
        7⤵
        Program crash
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        6⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50279.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61465.exe
        9⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        10⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 236
        10⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
        9⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        8⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        7⤵
        
        PID:5384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        6⤵
        Program crash
        
        PID:3308
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        5⤵
        Program crash
        
        PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19340.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        10⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58829.exe
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 220
        11⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        10⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        9⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        8⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
        7⤵
        
        PID:4572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        6⤵
        Program crash
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61809.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        9⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        10⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
        11⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 220
        11⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        10⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        9⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        7⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        9⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        10⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        9⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        8⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        7⤵
        
        PID:6296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31205.exe
        6⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61127.exe
        9⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
        10⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
        10⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        9⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        8⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        7⤵
        
        PID:6288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
        6⤵
        Program crash
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        5⤵
        Program crash
        
        PID:2604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
      4⤵
      Program crash
      PID:2168
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
  2⤵
  - Program crash
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe

Filesize
184KB

MD5
e3cab7b74ebcbf4b0ace00aafe86c798

SHA1
c8bdfed4b7069b524cf8c07896abc269e0c50f4c

SHA256
ac40d93c82f039b5893b4f7640d70f7b5b3c0cf1c0b23b529aaddb1cad50b813

SHA512
f1b50d8707b9a166a9aef744ec307bca135dfc7a5516428d401ef688a219a705fe51895506fd0f1799055cb9619bece8e92060191ae3e1f7b56ca7b4f8f23f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29455.exe

Filesize
184KB

MD5
caf620116c4956c739dc6be3e74c40a7

SHA1
a012a0f7235ce7a66c606af0e8163db8148cfda6

SHA256
08d5e6252e55226e341ed54d309b76b939461b9fb1f40bb144a69886914a3489

SHA512
7cc6e49217135f97f17075cf5aac72e1e3a2b56d20f1b78bfa23dbe68a7a212634f2e8ed42893c76f0cfc30198bd27b2008702f95708efd99d7960eb91f77916

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe

Filesize
184KB

MD5
7fe321dca7c72bca78a3e1b57e19af65

SHA1
e4ea4f47802ab611f1de0d9d301f3d97bf2570ff

SHA256
bc7edd9bd75e319e3b6407cb28aad97487e63eea8dd4abaa1763898a7f9b4988

SHA512
27986e6598df86cad627c93699ba4f502d13f13cc39746f70da2b0d2f29de00e8ef02e9d66b313f77248f822f5372e09f9a9de0afecdfdcf7dab5b93a3323e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39996.exe

Filesize
184KB

MD5
6b0479581fa0ff88582c407b3713e11f

SHA1
ac4f3a2f0b267fb207c17ccc7d52c0f863f65071

SHA256
4cc283b7925ba65a67be2158e44c8c0bf34b6e83366fd7888214f4b21758b2c8

SHA512
de8ca680aaefd17da779b187020617380d5990c3b0984710068e5d6a938c1e22f897e0ab36191419c50deb1d5d2b9cd212574a2c8ef293d22b54406a224a4a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe

Filesize
184KB

MD5
56cc268fd3ffbef254140d3709c77ea3

SHA1
ae9409fad80b64807a6522dfb9930cfa91f26061

SHA256
a33dcab6a8c1403e4d41b73f1c373905356c13d0d343ede95842bec4d0808596

SHA512
fb9e08f9fd28b36815f92851cac3541a8d63097cdd06dacd9681d95f5eb831d306c9ae78df23f9fa3c5ada3482b9f9eee7412628054ee75243a351c51b91d1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5957.exe

Filesize
184KB

MD5
27b1fbd0f7cd4c952f5a6c97f521d69b

SHA1
3e34f1852099a3dd1deb7f04c9d1656e3a1c6807

SHA256
0d895be3cac8f31978c108b5e2992d877a240e77b2226f55dc2696af3b2c4d00

SHA512
cbe42ee6a9b627fb4c7846587c91b7fb3cf8e781a351d4e203203b180846a25b6e7d392a0fb158035b59d7645e353f115661ad153ce29691c781a750142b2d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe

Filesize
184KB

MD5
d1c4683b1b52a8e3dbb4469281ad9d27

SHA1
0fd468931648e8aa596ef87f1957b5e210ed6732

SHA256
e6ab665ba672aa35f80bd4e75e7797a43a13b460a31f8b8c28672ba4abeba463

SHA512
63bcb793efffc15e1cdad5938161404476afd40029b7c9fb0d9f325cecb5db7964c62d7bbf2c01fe51a232dde3d02befb8d5220e0f9a5f701e12e2524facd565

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe

Filesize
184KB

MD5
e91f4740cba1246aa5b7f0a7a3f49509

SHA1
5df5e89562799f001d1e7b67a8a16262ff702c31

SHA256
1eb70366920b924c74555fb1c8fb9d19da9d47d86f614dd6778897946a80b30a

SHA512
8ec8e3e4004bcded33f35f581f3f6055787e1f09a64b02c940067900869f6b1eb8fcace50c3f6c3c5fb62d8d6db78e19b1d69ce940d56b96a7d441dfe3d4d139

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe

Filesize
184KB

MD5
8355ed752bc4a913cb4c334c9f033644

SHA1
db19456dcbfbef3e1a8c9efbb847953a0731d53c

SHA256
669a8efb493dcff05c1a7e3d59ee0d9c4b6814503aad3ab76d0e210763d84e19

SHA512
af50c3212c00df806d085a46699e3c350161ba5ec8a5e38d6622ef71b20a6808364571a59c813888cfd5320bb3bf180adeb820da932679e8669b54833823deb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe

Filesize
184KB

MD5
c445a0b090ce3380b3ede51e39a6f131

SHA1
23b751141c501875aad99cd4cbc96c672ef14f7c

SHA256
653a581635ba0ecd6e1e945f60c8b7d1bda93b3e9b1641b32956cb0e7de3df4f

SHA512
dbe0a851b3f5336a96a18f444afa0c8dcea3c541468dc55dd8bab58051fbd150126b142b264c40d350a4719ff906c853d081556d0664c282d2284e1eada508f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe

Filesize
184KB

MD5
3dc0918712d16ae33fde330bccc6501f

SHA1
0774076c1bc9c1fc929234bff78836aca83fb011

SHA256
f897e08731afa275f2991f0265f253284822b0b18582e8a11853872f819ae904

SHA512
069288f10b3ce9a29807758b3118ab7ac18fcc0053ea8ab75a7986eda9c6ed21a41543962bbeec64617cff8e4754ebaee0e45e746665d0a4c5d35225e4ddf5fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe

Filesize
184KB

MD5
f46fc9971306f3fb1ef821a012285501

SHA1
06e06a1482046f7527aa2b2b9711e8085a70f35f

SHA256
bee014f730351b72a049e2db8c9cdbd6d8bea94f0d2e5c8c02c5f2f4e0bb6695

SHA512
36a284201db89b209585e6dd1507a3c8009500cf8c51fcc32f885fef18fe41ab535ca663e3830159f262e16561382aed0604d764c633ba40685ae5791b115d93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-466.exe

Filesize
184KB

MD5
1cce9956c3ea89ab119e7817282f0340

SHA1
a7d56bf2699c4ba196080685bcd0044638c4319b

SHA256
0d4eb19cae4b790eca192570f41347af475699bb1b82bc8f5047afe8182b3024

SHA512
86ac0c263f2b672b5a4dbbb703becc09011ca28f1ab77dd11cf5c7a33ee5fcc977eb10d355526e936e22d7798a829cf6299eb89ac9944dde81d9706ca91142b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46885.exe

Filesize
184KB

MD5
67f6dd2460639316e2068de2dcd622be

SHA1
28dd23da0af414253d16469214ffc71900c16079

SHA256
b80d9a1b04c91219e0952d4a60a4a566fc3b53c332fac188f2d9988ab4326317

SHA512
792a542ae9f821639714ddcd3b208b69f77c810dba94589e575c7be24984113a63070aeb68a209aaabd109c4ca3dd66f329ecb567ee17398439a68d903b35640

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe

Filesize
184KB

MD5
1e06cc00c3748010576b1931a5eaba5a

SHA1
11130094927d002375a32f122c14d1f9660a985c

SHA256
6bf6d95bffb04b843f0cb5b88f868cff40469bd8b4e347d2128f919d075e6475

SHA512
5dfc5713017ade50f4a9879437a68cfcef688a6ccae332a71f793c37c150a8d77d263838f05f48b3c95fc39f1fba94252f4930fa52f9ee5d0fd66e8af7ed62f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe

Filesize
184KB

MD5
e6a1f63658ecaf6bf7d41502634fb744

SHA1
ae3ee69641111baaf9e8095c99a9dc580e7c88e1

SHA256
6dedeb16726acd168435107e7b59b0e00ff3ca79a8265090bdb3a40ee0058dfc

SHA512
a924603f0da7e027d1e7948a0493dd523c178cd25c2b42bdac437b81806e182113446e4003c6ffdbd1ebf8f016be092272b9cb1364461a2cd7dec18234d032cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe

Filesize
184KB

MD5
d8a17c38b03a54efb712bf4b8f9ade1d

SHA1
8f6253ae5d9c32665d97db829414e30cf7ccb7f2

SHA256
6f00e381c22dec701ca499d064b84ca46422cb61971e5f3c4f38e963beb9ee5f

SHA512
704f87740fb019baa29f9333159eafa1ab84c69be1043e528ee7ce5f244f2ab61deb257e5961f93ee62ad6a866f0d419884b6117501a8ad145b2b199596df3cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65093.exe

Filesize
184KB

MD5
86785b846caf1763c2a14e40c7afff1f

SHA1
d729c95ac4fe2f02c0a736a3a47bb12fc26631d6

SHA256
846b66e559bf39fef4d192df90de9c833c613dc0a85be02c3b8a17209d8c2b4b

SHA512
561e616fefac3476efce7116d4fad18e2a88c3e988f4565b5ed29fc6dbf35748dd4a1c18f451117dbb0251de4a36b3387ebb1c4fa70117c515900251fc32bf00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads