313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
Size

184KB
MD5

2b37dcf7596ef013e4c887dc73d12d73
SHA1

5fd4892334009ceb2531919488d1cd334cc18123
SHA256

313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319
SHA512

28baa35ab036a98a8afe78ca5c0d955bc7a13f7583ce33daa56a4d373d64e4108d8655dbd243a2ab12d183741d9c1ecd57c59ae41ee1f53641dfba584ec14972
SSDEEP

3072:BCU40QouxPiGmGtWW5BmKsEqhlnViFJn3:BCnor5GtBmnEqhlnViFJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
948	Unicorn-59058.exe
1720	Unicorn-39754.exe
1696	Unicorn-50615.exe
2648	Unicorn-58866.exe
2708	Unicorn-13194.exe
2704	Unicorn-43921.exe
1820	Unicorn-57325.exe
2140	Unicorn-9193.exe
2904	Unicorn-54865.exe
1528	Unicorn-35836.exe
1204	Unicorn-50781.exe
1656	Unicorn-22598.exe
1768	Unicorn-32088.exe
2252	Unicorn-8975.exe
1188	Unicorn-4891.exe
500	Unicorn-13614.exe
488	Unicorn-33480.exe
1648	Unicorn-9530.exe
112	Unicorn-64206.exe
1868	Unicorn-23449.exe
1552	Unicorn-32171.exe
2028	Unicorn-52037.exe
1880	Unicorn-43869.exe
2040	Unicorn-54730.exe
3008	Unicorn-33563.exe
2860	Unicorn-64289.exe
2848	Unicorn-40339.exe
1480	Unicorn-25395.exe
2324	Unicorn-1445.exe
2980	Unicorn-19173.exe
2308	Unicorn-30033.exe
2164	Unicorn-49899.exe
2684	Unicorn-36817.exe
2764	Unicorn-16951.exe
2468	Unicorn-59375.exe
2448	Unicorn-53153.exe
2476	Unicorn-64014.exe
2508	Unicorn-44985.exe
2964	Unicorn-17274.exe
2932	Unicorn-31149.exe
1940	Unicorn-12120.exe
1916	Unicorn-9660.exe
2768	Unicorn-23304.exe
1468	Unicorn-1814.exe
1072	Unicorn-49946.exe
1200	Unicorn-64891.exe
2056	Unicorn-8913.exe
2256	Unicorn-8913.exe
2108	Unicorn-19774.exe
2088	Unicorn-39640.exe
544	Unicorn-63822.exe
1088	Unicorn-6173.exe
2120	Unicorn-22510.exe
896	Unicorn-33370.exe
2372	Unicorn-49152.exe
1608	Unicorn-14341.exe
1896	Unicorn-23064.exe
2212	Unicorn-23064.exe
1572	Unicorn-8119.exe
1616	Unicorn-38846.exe
2656	Unicorn-49707.exe
2676	Unicorn-61404.exe
2444	Unicorn-39400.exe
2748	Unicorn-20372.exe

Loads dropped DLL 64 IoCs

pid	Process
2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
948	Unicorn-59058.exe
948	Unicorn-59058.exe
2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
948	Unicorn-59058.exe
948	Unicorn-59058.exe
1720	Unicorn-39754.exe
1720	Unicorn-39754.exe
1696	Unicorn-50615.exe
1696	Unicorn-50615.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2704	Unicorn-43921.exe
2704	Unicorn-43921.exe
2648	Unicorn-58866.exe
2648	Unicorn-58866.exe
1696	Unicorn-50615.exe
1696	Unicorn-50615.exe
1720	Unicorn-39754.exe
2708	Unicorn-13194.exe
1720	Unicorn-39754.exe
2708	Unicorn-13194.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
2692	WerFault.exe
1612	WerFault.exe
2692	WerFault.exe
1820	Unicorn-57325.exe
1820	Unicorn-57325.exe
2704	Unicorn-43921.exe
2704	Unicorn-43921.exe
1204	Unicorn-50781.exe
1204	Unicorn-50781.exe
2904	Unicorn-54865.exe
2904	Unicorn-54865.exe
2708	Unicorn-13194.exe
2708	Unicorn-13194.exe
1528	Unicorn-35836.exe
1528	Unicorn-35836.exe
2648	Unicorn-58866.exe
2140	Unicorn-9193.exe
2648	Unicorn-58866.exe
2140	Unicorn-9193.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1016	WerFault.exe
1508	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2540	2340	WerFault.exe	27
2544	948	WerFault.exe	28
1612	1720	WerFault.exe	29
2692	1696	WerFault.exe	30
1532	2704	WerFault.exe	34
1016	2648	WerFault.exe	32
1508	2708	WerFault.exe	33
2288	2860	WerFault.exe	60
2620	1820	WerFault.exe	36
2716	1204	WerFault.exe	39
2180	2904	WerFault.exe	38
2576	1528	WerFault.exe	40
2812	2140	WerFault.exe	37
600	1656	WerFault.exe	43
2376	1768	WerFault.exe	44
1812	2252	WerFault.exe	45
1128	1188	WerFault.exe	46
1096	488	WerFault.exe	48
1036	1648	WerFault.exe	50
2864	112	WerFault.exe	49
1604	1868	WerFault.exe	54
1724	1552	WerFault.exe	56
1692	2028	WerFault.exe	55
2628	2040	WerFault.exe	58
2552	1480	WerFault.exe	62
1996	3008	WerFault.exe	59
1944	2308	WerFault.exe	67
2872	1880	WerFault.exe	57
2036	2848	WerFault.exe	61
1640	2324	WerFault.exe	63
956	2980	WerFault.exe	65
2084	2164	WerFault.exe	66
3140	500	WerFault.exe	47
3276	2764	WerFault.exe	74
3292	2468	WerFault.exe	75
3316	2684	WerFault.exe	73
3340	2448	WerFault.exe	76
3424	2476	WerFault.exe	77
3432	2508	WerFault.exe	78
3560	2932	WerFault.exe	80
3596	1916	WerFault.exe	82
3656	2088	WerFault.exe	90
3672	1940	WerFault.exe	81
3704	2056	WerFault.exe	87
3720	544	WerFault.exe	91
3712	1468	WerFault.exe	84
3736	2108	WerFault.exe	89
3728	1200	WerFault.exe	85
3764	2768	WerFault.exe	83
3756	1072	WerFault.exe	86
3812	2256	WerFault.exe	88
4028	2216	WerFault.exe	157
3448	2656	WerFault.exe	108
3460	848	WerFault.exe	127
3700	1896	WerFault.exe	104
3200	2748	WerFault.exe	111
3520	896	WerFault.exe	101
4228	1608	WerFault.exe	103
4256	2564	WerFault.exe	132
4272	1572	WerFault.exe	106
4304	2156	WerFault.exe	112
4320	1752	WerFault.exe	135
4332	2728	WerFault.exe	136
4368	2120	WerFault.exe	100

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
948	Unicorn-59058.exe
1720	Unicorn-39754.exe
1696	Unicorn-50615.exe
2648	Unicorn-58866.exe
2708	Unicorn-13194.exe
2704	Unicorn-43921.exe
1820	Unicorn-57325.exe
2140	Unicorn-9193.exe
2904	Unicorn-54865.exe
1528	Unicorn-35836.exe
1204	Unicorn-50781.exe
1656	Unicorn-22598.exe
1768	Unicorn-32088.exe
2252	Unicorn-8975.exe
1188	Unicorn-4891.exe
500	Unicorn-13614.exe
488	Unicorn-33480.exe
1648	Unicorn-9530.exe
112	Unicorn-64206.exe
1868	Unicorn-23449.exe
2028	Unicorn-52037.exe
1552	Unicorn-32171.exe
1880	Unicorn-43869.exe
2040	Unicorn-54730.exe
3008	Unicorn-33563.exe
2860	Unicorn-64289.exe
2848	Unicorn-40339.exe
1480	Unicorn-25395.exe
2324	Unicorn-1445.exe
2980	Unicorn-19173.exe
2308	Unicorn-30033.exe
2164	Unicorn-49899.exe
2684	Unicorn-36817.exe
2764	Unicorn-16951.exe
2468	Unicorn-59375.exe
2448	Unicorn-53153.exe
2476	Unicorn-64014.exe
2508	Unicorn-44985.exe
2964	Unicorn-17274.exe
2932	Unicorn-31149.exe
1916	Unicorn-9660.exe
1940	Unicorn-12120.exe
1468	Unicorn-1814.exe
2768	Unicorn-23304.exe
1072	Unicorn-49946.exe
1200	Unicorn-64891.exe
2056	Unicorn-8913.exe
2256	Unicorn-8913.exe
2088	Unicorn-39640.exe
2108	Unicorn-19774.exe
544	Unicorn-63822.exe
1088	Unicorn-6173.exe
2120	Unicorn-22510.exe
896	Unicorn-33370.exe
2372	Unicorn-49152.exe
1608	Unicorn-14341.exe
2212	Unicorn-23064.exe
1896	Unicorn-23064.exe
1572	Unicorn-8119.exe
1616	Unicorn-38846.exe
2656	Unicorn-49707.exe
2676	Unicorn-61404.exe
2444	Unicorn-39400.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 948	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	28
PID 2340 wrote to memory of 948	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	28
PID 2340 wrote to memory of 948	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	28
PID 2340 wrote to memory of 948	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	28
PID 948 wrote to memory of 1720	948	Unicorn-59058.exe	29
PID 948 wrote to memory of 1720	948	Unicorn-59058.exe	29
PID 948 wrote to memory of 1720	948	Unicorn-59058.exe	29
PID 948 wrote to memory of 1720	948	Unicorn-59058.exe	29
PID 2340 wrote to memory of 1696	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	30
PID 2340 wrote to memory of 1696	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	30
PID 2340 wrote to memory of 1696	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	30
PID 2340 wrote to memory of 1696	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	30
PID 2340 wrote to memory of 2540	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	31
PID 2340 wrote to memory of 2540	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	31
PID 2340 wrote to memory of 2540	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	31
PID 2340 wrote to memory of 2540	2340	313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe	31
PID 948 wrote to memory of 2648	948	Unicorn-59058.exe	32
PID 948 wrote to memory of 2648	948	Unicorn-59058.exe	32
PID 948 wrote to memory of 2648	948	Unicorn-59058.exe	32
PID 948 wrote to memory of 2648	948	Unicorn-59058.exe	32
PID 1720 wrote to memory of 2708	1720	Unicorn-39754.exe	33
PID 1720 wrote to memory of 2708	1720	Unicorn-39754.exe	33
PID 1720 wrote to memory of 2708	1720	Unicorn-39754.exe	33
PID 1720 wrote to memory of 2708	1720	Unicorn-39754.exe	33
PID 1696 wrote to memory of 2704	1696	Unicorn-50615.exe	34
PID 1696 wrote to memory of 2704	1696	Unicorn-50615.exe	34
PID 1696 wrote to memory of 2704	1696	Unicorn-50615.exe	34
PID 1696 wrote to memory of 2704	1696	Unicorn-50615.exe	34
PID 948 wrote to memory of 2544	948	Unicorn-59058.exe	35
PID 948 wrote to memory of 2544	948	Unicorn-59058.exe	35
PID 948 wrote to memory of 2544	948	Unicorn-59058.exe	35
PID 948 wrote to memory of 2544	948	Unicorn-59058.exe	35
PID 2704 wrote to memory of 1820	2704	Unicorn-43921.exe	36
PID 2704 wrote to memory of 1820	2704	Unicorn-43921.exe	36
PID 2704 wrote to memory of 1820	2704	Unicorn-43921.exe	36
PID 2704 wrote to memory of 1820	2704	Unicorn-43921.exe	36
PID 2648 wrote to memory of 2140	2648	Unicorn-58866.exe	37
PID 2648 wrote to memory of 2140	2648	Unicorn-58866.exe	37
PID 2648 wrote to memory of 2140	2648	Unicorn-58866.exe	37
PID 2648 wrote to memory of 2140	2648	Unicorn-58866.exe	37
PID 1696 wrote to memory of 2904	1696	Unicorn-50615.exe	38
PID 1696 wrote to memory of 2904	1696	Unicorn-50615.exe	38
PID 1696 wrote to memory of 2904	1696	Unicorn-50615.exe	38
PID 1696 wrote to memory of 2904	1696	Unicorn-50615.exe	38
PID 1720 wrote to memory of 1204	1720	Unicorn-39754.exe	39
PID 1720 wrote to memory of 1204	1720	Unicorn-39754.exe	39
PID 1720 wrote to memory of 1204	1720	Unicorn-39754.exe	39
PID 1720 wrote to memory of 1204	1720	Unicorn-39754.exe	39
PID 2708 wrote to memory of 1528	2708	Unicorn-13194.exe	40
PID 2708 wrote to memory of 1528	2708	Unicorn-13194.exe	40
PID 2708 wrote to memory of 1528	2708	Unicorn-13194.exe	40
PID 2708 wrote to memory of 1528	2708	Unicorn-13194.exe	40
PID 1720 wrote to memory of 1612	1720	Unicorn-39754.exe	41
PID 1720 wrote to memory of 1612	1720	Unicorn-39754.exe	41
PID 1720 wrote to memory of 1612	1720	Unicorn-39754.exe	41
PID 1720 wrote to memory of 1612	1720	Unicorn-39754.exe	41
PID 1696 wrote to memory of 2692	1696	Unicorn-50615.exe	42
PID 1696 wrote to memory of 2692	1696	Unicorn-50615.exe	42
PID 1696 wrote to memory of 2692	1696	Unicorn-50615.exe	42
PID 1696 wrote to memory of 2692	1696	Unicorn-50615.exe	42
PID 1820 wrote to memory of 1656	1820	Unicorn-57325.exe	43
PID 1820 wrote to memory of 1656	1820	Unicorn-57325.exe	43
PID 1820 wrote to memory of 1656	1820	Unicorn-57325.exe	43
PID 1820 wrote to memory of 1656	1820	Unicorn-57325.exe	43

C:\Users\Admin\AppData\Local\Temp\313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe
"C:\Users\Admin\AppData\Local\Temp\313ca8aa1f12ba191d9c82976a1c0ee6b99850520097466448e1fd5a8dca5319.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        11⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        12⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        13⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        14⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        15⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
        15⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        14⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        13⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        12⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        11⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42664.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
        11⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60875.exe
        12⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        13⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        14⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 220
        13⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        12⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        11⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        11⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
        12⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        13⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
        12⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        11⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
        10⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        10⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
        11⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        12⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        13⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        14⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        12⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36250.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        11⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        12⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 236
        12⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        11⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        8⤵
        Program crash
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        8⤵
        Executes dropped EXE
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        11⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        13⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        14⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 220
        14⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        13⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        11⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        11⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        12⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56400.exe
        13⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20751.exe
        10⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1176.exe
        11⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        12⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46478.exe
        13⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 220
        12⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        9⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        8⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        9⤵
        Program crash
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        8⤵
        Program crash
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
        7⤵
        Program crash
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        9⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        12⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44319.exe
        13⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
        13⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        12⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        11⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
        10⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3962.exe
        9⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58358.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        11⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 236
        12⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        10⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 216
        9⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58451.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        10⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
        11⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
        12⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 236
        12⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        11⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
        9⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        8⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        7⤵
        Program crash
        
        PID:1640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        6⤵
        Program crash
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 188
        7⤵
        Program crash
        
        PID:2288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 500 -s 236
        6⤵
        Program crash
        
        PID:3140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        11⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48348.exe
        12⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        13⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        14⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
        14⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        13⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        12⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        11⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        12⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31045.exe
        13⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        13⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
        11⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62717.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        11⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 236
        12⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
        11⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55795.exe
        12⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        13⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 216
        13⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        12⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        11⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        10⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
        11⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        11⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        10⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        8⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        7⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31145.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9629.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        11⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        12⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        13⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
        12⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        10⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        10⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21369.exe
        11⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        12⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        11⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 220
        9⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
        10⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        11⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 220
        8⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        7⤵
        Program crash
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1461.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        12⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59742.exe
        13⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        13⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 236
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        10⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        11⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        11⤵
        
        PID:2384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        10⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        6⤵
        Program crash
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16371.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        11⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        12⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        13⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
        13⤵
        
        PID:320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
        12⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        11⤵
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53091.exe
        10⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        11⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        10⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        11⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        12⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        11⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        9⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        9⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        10⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        10⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 220
        9⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        8⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
        7⤵
        Program crash
        
        PID:3448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        6⤵
        Program crash
        
        PID:2628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
        5⤵
        Program crash
        
        PID:2716
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64206.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8695.exe
        8⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60776.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
        11⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        12⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58509.exe
        13⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        14⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
        13⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        11⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
        11⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        12⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
        13⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
        13⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49365.exe
        11⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        12⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        11⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        11⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53605.exe
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65052.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45722.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6687.exe
        11⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
        11⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        10⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        11⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        11⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        10⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 220
        8⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55758.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32188.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46189.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
        11⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
        12⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 236
        11⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57247.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        9⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
        10⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32526.exe
        11⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
        11⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        10⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        9⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        10⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
        11⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 236
        11⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        10⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        9⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 220
        7⤵
        Program crash
        
        PID:3720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
        6⤵
        Program crash
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16864.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40356.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25633.exe
        11⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        12⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        11⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51057.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
        11⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        11⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        10⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 220
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        11⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        12⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        8⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        7⤵
        Program crash
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        6⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        10⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 236
        11⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        10⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36826.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22038.exe
        9⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
        10⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 236
        10⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        9⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        8⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 220
        7⤵
        
        PID:5852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        5⤵
        Program crash
        
        PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        8⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 220
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-76.exe
        10⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61973.exe
        11⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
        11⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        10⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 220
        8⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35783.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59640.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        10⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
        11⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        10⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        9⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
        8⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        Program crash
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
        9⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        10⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
        11⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
        11⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        10⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2899.exe
        9⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        10⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        10⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        9⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        8⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220
        7⤵
        
        PID:5516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        6⤵
        Program crash
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
        10⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        10⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        9⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 216
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
        8⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62494.exe
        9⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        10⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
        10⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        9⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        8⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        
        PID:5184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56692.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        8⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        9⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        10⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
        10⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        9⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        8⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        7⤵
        
        PID:5792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        6⤵
        Program crash
        
        PID:3736
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        5⤵
        Program crash
        
        PID:1036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        10⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        12⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        13⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        11⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 216
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59962.exe
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        12⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27231.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4087.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        11⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
        12⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 236
        12⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        10⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        8⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48047.exe
        11⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        12⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        12⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3194.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
        11⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 216
        12⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        11⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        10⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 220
        8⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        7⤵
        Program crash
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        11⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 220
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 220
        11⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47585.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16600.exe
        11⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 220
        11⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        8⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43963.exe
        10⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        11⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50775.exe
        12⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        10⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        8⤵
        Program crash
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        7⤵
        Program crash
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        6⤵
        Program crash
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46303.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        11⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        12⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        13⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        12⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        9⤵
        Program crash
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24299.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
        11⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        12⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        12⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        11⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        8⤵
        Program crash
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        10⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        11⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 220
        11⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        Program crash
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        Program crash
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        10⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        11⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 236
        11⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        10⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
        9⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9152.exe
        9⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        10⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        11⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
        10⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        9⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        8⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        6⤵
        Program crash
        
        PID:1724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        5⤵
        Program crash
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
        10⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        11⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        12⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
        8⤵
        Program crash
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
        7⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 220
        7⤵
        Program crash
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45379.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        11⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        12⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        11⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
        10⤵
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
        9⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26548.exe
        10⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        11⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
        11⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        10⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        9⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        8⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 220
        7⤵
        Program crash
        
        PID:3700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        10⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 220
        11⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        9⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        10⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        11⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        10⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        9⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        8⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        7⤵
        Program crash
        
        PID:4272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        6⤵
        Program crash
        
        PID:3424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        5⤵
        Program crash
        
        PID:2376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        11⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
        12⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 220
        11⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        8⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        7⤵
        Program crash
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23614.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        9⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        10⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 236
        10⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        9⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
        7⤵
        
        PID:4516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        6⤵
        Program crash
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        6⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27528.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45914.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 236
        11⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        10⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56755.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
        11⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        10⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        9⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        8⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        7⤵
        Program crash
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        6⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21114.exe
        7⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53807.exe
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe
        9⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        10⤵
        
        PID:10772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
        10⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        9⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        8⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
        7⤵
        
        PID:4440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        6⤵
        Program crash
        
        PID:3596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        5⤵
        Program crash
        
        PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47201.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        9⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8841.exe
        10⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        11⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
        11⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        10⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        8⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        7⤵
        
        PID:5036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 216
        6⤵
        Program crash
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62535.exe
        5⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
        6⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        6⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
        8⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
        9⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        9⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        8⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        7⤵
        
        PID:6936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
        6⤵
        
        PID:5100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:2036
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
      4⤵
      Program crash
      PID:2180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2692
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
  2⤵
  - Program crash
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe

Filesize
184KB

MD5
e933ca0afbe5a993fce1e8b11a4ef50d

SHA1
11bf56cf6b758b6a5ac2c2746ca77596971002c2

SHA256
67cdf00b790473d4133bb5e040c1c7f7aa5d58269db5107178d7e5eace5a46d4

SHA512
7f14748e590f8bd4e190f4cb330994f7821790ed51e3f9f5b1d7a0abcdc78c9601b4c79143f2ed690f53e0291b5fd0467b2c2204949ae28e642eeea3288c68c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13620.exe

Filesize
184KB

MD5
53bbdc0b341aa9eaa8ca4d1b4df7f652

SHA1
d438a84f2ea8cc397429b0518daaf973ccd8a0de

SHA256
3ab2b52165e117766a5fe70d7b52f546deec633c48c6284ce8b87993381861b7

SHA512
475fd8e05edce5b4db457deca2ee2d9551431369c7d09549ef34a7cd19a15279aa49fe8f6cd1f0499837f38221d6fb8e46716ca5946bc9a8308ade9ddf876475

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe

Filesize
184KB

MD5
2fc0959dd3298f41e30faef58ba5e1be

SHA1
a3f49c94333bf11ddf6e04e5ced13ff1348d5971

SHA256
003bfec5669e59d774ccea66dd8a3a76091a52c987cb410e9b3f8e25ae87f741

SHA512
7fac7ade3fbf26e297fe78b4069aea2bd9c44893a5a777fe96856195a6284113856a2494ab0cebb0e39d4d7c14e0e40d683cc35b48e2ddd6e8e3bee14721d7a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35836.exe

Filesize
184KB

MD5
bd4f5fbf12f9b5ce30e017c59f6b118f

SHA1
2e715aede125eb56d835cf0a69d84a95461fc9d6

SHA256
c39d2c6c9ae2fba76090fe5fb3c41b07fd7dec67d0bb84d1b4ce12fca0dc01c5

SHA512
acd75d67c2fb1963a251b2ce0ea3540d9c39bd9de7cd00db1efc2938c30851e1db8cfc88223b19b845a1dd8108681ec00e2a177191408d7ce61457f7c3ee13d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40339.exe

Filesize
184KB

MD5
0eefed91c15601201e0b1c89a639de02

SHA1
563ff2f58ea65577559e0d15ed004fec21f34311

SHA256
4ae581525f115dfff38b181de7582bbaa0754e85fa2cb9db57fb02f6ac6e8a99

SHA512
143fd402adf1b6557f33cca761206cd583586b8684fa4da3e87c87222f6f855f877bb2b956b11e8decac4d697ab1b0f6f1c501da3927d78c624a896b8cc7dc0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe

Filesize
184KB

MD5
1e5255ba5df4471244949665ce89e21f

SHA1
0bd7d13356c69afad57474c1ca32de4eb1fff320

SHA256
310839db2cf8c86c41cd36d74faa40e0c741f9704d9cf02668b466839fbcb893

SHA512
dcb6ed57c7fee95c6ce89b74b8eb8d2f2f333c5cec2be69e8d7e284df9ed6cdfc85f7e836f820d51a406deafaf580c7498983a34eb24973fb910a3b87d949bda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe

Filesize
184KB

MD5
99c460544e64bbec7ccbc688979fbf88

SHA1
453c7b626d0766ac4b3b932270465ddd2c349fc9

SHA256
7b82e18181bb2da22a393b30bd0a136647c26b7a209fed715fcbb724a4fa6cd8

SHA512
efc56fae65ad9ae6a9bf2be7f4ec6003beeeb7e5d9bfe8f3fb43c5c4b7bc22bdfbea02017e3db83cbe24518790fc46fc7542e92c882d398e0100525afbacbebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42982.exe

Filesize
184KB

MD5
f4db27468c7e313d59652799113f372d

SHA1
19db14432c5416d1c70106b69735e606cfe9c821

SHA256
9c52ff30da0c00f480dd6a2273b7d47550224a81106b3ddb2c7c75879d74975e

SHA512
ee9a67d0ab7a0b5656651ac446d2c294a9dacb0291be2316a14c73f16d8c3b42e160f960397429598d2dceb7d8e6ad607f3c4732da6f048abd721cac38230426

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43921.exe

Filesize
184KB

MD5
6eb51b2201775dd0103b18d66ab0a851

SHA1
36a6d7594803a9ecc8daa4b2ec0eb133850ad8b7

SHA256
95ffac71fae2bc159953972b97f74f9568b8b8fcd275cec765a592a54b4a5bee

SHA512
310b74bbba015c4e2f8aab18ee69c17c3ee28cabbaa7b075d815fac165009f0b9d8cc417bb71d60aad15588e4d1aa7a91084db94e8871052241d595a71cec340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe

Filesize
184KB

MD5
ff91de1577ffd5165c76138a0a78835b

SHA1
e6ea803277e4e1b24467b3a8b5ac86d12a028921

SHA256
db07ba26a30669dae381cc890edbd4fbba15588adde37369b33045e407a28832

SHA512
d65345c6d99a23579a72ea1c9eb7b9cce1f613e372728f07c293755187def6080c21b40b81bce34231f70015ce97304682038d2bdb693264cb54b6acaa46d270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe

Filesize
184KB

MD5
db3d645a8de9b3d518cdd04488851ae8

SHA1
6b8d42d9a4fe4239ea6cd33ad1c7fdec2325b2ba

SHA256
a933608aa6508d52626c226834a50eebe7e3a0165e0b7f963dcc67e111109310

SHA512
0cb5b71dec87ed19549f2c8928fa40a55598a6e38e92bc93e46e5e2e8ef039a63caa280fd23249ab7890ff61411228af5be5492a2c7ba58aae14b5576bc9a5ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe

Filesize
184KB

MD5
505c8ff7ac53bb220872030893a287cf

SHA1
b5c1a5229261c4d3ee7ac8348a06b3d630c9769f

SHA256
41235e7d784d9591f87e25808ef42a630f84eecd192b3588bbf33558301360ae

SHA512
22e3cc87e3e5299c601b81e4cbdcfbfcbc8e64675b465ae49c5b097abc2ae6929eae6feb92fd76d36bb94a217bbce46d9f17edcd239a7db27361a6b004f1093e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe

Filesize
184KB

MD5
9ca8b189d40f0e088cf2128310328d6b

SHA1
0347879149a0329fb37331fa22fd07f0594a3441

SHA256
b6f3e15564b3f43c588fc7beba4968240f95e2604eba3c6e167e47c620a5de05

SHA512
886ae7aef009cdb45fb6af14937d9bce572f296d8c2399a6909f14df73eaecaf38a05f8ed77abb990247460ad312e537231b4a204ef83d00646cf93336b9fec4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22598.exe

Filesize
184KB

MD5
49785a3c9b1ee9d4e0aa550cf64c56c2

SHA1
81288dddff600d2ecd210b10b5d3fa1cf3142334

SHA256
becf84f565424603aea744bca9a89dde8e579e532e4604aeaa97688b2c78c8bf

SHA512
aae147b4426bdb2c2256e97f064ea4feaf0054481b2414be1e806d159617d62ed574d85fecf7c504509582e2d8c18fd44d26b0e4829494fd294530e9016a1450

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe

Filesize
184KB

MD5
219091fc3ca5d9cbad42c6f5b8788948

SHA1
9df63132cc52eb7fbfda3a1259879c2683c2c181

SHA256
58ebca011fc8de9810279c287091592a51debd6e41cd8bcb3a90a62643887fb8

SHA512
9d4eb468f5599fdd49cad9351d9ecdd7e5c04068fce5a46c707a1931818baa5b39b1031a890d58666fad87354693c6d0e3dbf5d902a563bb98eb819a72503150

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe

Filesize
184KB

MD5
79ace3fc1351b025bf6fc41989c3934e

SHA1
bcdb40feda9893f2b6778d005b953a16bffc802d

SHA256
0252da88c2853ff2a6ea8ae6fbf467f661303cf3eda1913f2d198f7429164591

SHA512
c2add412a988ae6554beb46b69ef2e4cfa040c566d358ff2864b15e62b588d474defc0b6535b92debc826ab7b5e181aaeb09b09a544c8bbdf57baa4a4f5a47ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe

Filesize
184KB

MD5
b9500a3ac1bf8cafbf98159e7edf69be

SHA1
6b5dac4a7f5b0c27c98d6c8b22a15dde6f1e4cbe

SHA256
f38c70437dc66c54f11a07d5f72fa3503d7a819ecf7084fb9381cb0e85702b4d

SHA512
816de8266e7fc5ed2a77c8992c5da01dc77138922df992ab3c9770384295560dec916a9f99b07a77bdcbbda30335e946351bbb9904e8b9fe0d0014b40bb018d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50781.exe

Filesize
184KB

MD5
9ab8ad5c03dacf31e227b701241a6517

SHA1
187a1aea07043e86be62304462c70227d841957a

SHA256
d6fe1c8ece9db6255c031e409e24c15f7eb46c46deb08547ded03b1a665bdbca

SHA512
c33494e04e47e28ac0913cdf6d1b4af447f7b9ec768b11444b227949dc0913ca2b1233186aa5cd4f1ffeb14632204dc755d221457275ba1fe622c9ff3790933a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe

Filesize
184KB

MD5
84b60205fdaf78a2f8b5ab4e257d8a4d

SHA1
16084975e26c2dd08a78736d2513a1d99ce2eb90

SHA256
5a043aa3326d71cb889875a760b382986f12920309c6d343a289b9d67507235e

SHA512
143585b6814957740bd636159e16851645283a0308bfa89065077bd8230ec5b45ac25ac468f50525bed3cf336b90cd971c6e16454f9157e9601081c2b93643ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe

Filesize
184KB

MD5
450c765e0053e141113bfe5629d8de26

SHA1
6664c33e481e20b09d97187c4638eb13b95452bf

SHA256
13303058820dd65dcd0d6ec6e9a099647a1e3413d551c7a27e4dd20bd6c1a1cd

SHA512
aff3b52a1f5d01f71e358c6a42ea5b26f910bc7d4092fa64bea1c094edceb59199a8a73d4b0bae407de63a472d1a9a5f933049f92da6638aad5e121feec1046b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe

Filesize
184KB

MD5
d5053592b04e9ff95f9bf56e46450f1d

SHA1
f94e135cb236f628ff21db18951a3d686b448d2c

SHA256
16662fe73121663e695e2062008017029005848c64108f9e72fd023d735c9f5f

SHA512
8228f9592f504a2b96a5f0cb90bc7d79862d0f660a099ee0cea799e96a5d9752d673e1405844d29855498179417dd6ab75150c7cd6ff76c2fcc8f8f902773c3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59058.exe

Filesize
184KB

MD5
f1bc2c95f782d32206eaf07922887144

SHA1
c900ae5e69946a1ffcd6f159f08a86483bc09c4c

SHA256
25007c2b28b2c9df5421583738929e780f97d52fbac0bdfdf44760e9c3d757e4

SHA512
33a556112441219caadc89a3319547be2ed96d980c406c12575af06911781f77f3bee59e63d9398cc1d235cfdaf6e19fcec3fca56fe150e90d04bdabd38c3583

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe

Filesize
184KB

MD5
fd690309780131c1d172611b8112e9d8

SHA1
fccf8cbe090873d7411038b02d489456dcf7f7ca

SHA256
0919ad9b34a36fb74aa6234159ef361f17a15910435f8240c6ce4a488c30b365

SHA512
eb7775b6da2ebba9a3c86bf0c2dc3cd4fdc5a0eb87d3e3f5182065bb2de9239ce96a0c40cc35b57f59304b2a06df14dad2c227fddf5928c7e55001d336b5e6e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe

Filesize
184KB

MD5
6033046475814b57901207c81cb6f374

SHA1
fbee7122af297d94493249c982a0a86cb368d3f2

SHA256
9afc8abc9ac5b1414dffec955b4156dba9dff3197b328bdd7e9dc1737ca988de

SHA512
f7034a7025d6689526c63748a10ea34e8210a9ab85092ce1074b0ef4c5e24a251a9684f1bc90866be370776ebaa750032cd56d1a8ce5698a6ebade7f97c3457f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads