57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
Size

184KB
MD5

17628355ffc13d747ec4af253399a28b
SHA1

c433367b698df2ae28ab81c5ade957efc08c24e8
SHA256

57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a
SHA512

e15a67129f2743b62471267fda64bb24c4698771241b2942975d45a9cf1bf6f66c7827f79b080c89fc3beaa44f97437e39c17c97fc0b99f9a29423709e3fb99c
SSDEEP

1536:RBVL6j3l/2xotx1/JOAlswSl29ycZc8LmddsWLu2VzltuhlBhj5nizpvT:zkl2xoTRJO5jl4Ze2WLuKbuhlPViFL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2452	Unicorn-26303.exe
1728	Unicorn-23179.exe
2112	Unicorn-25871.exe
2748	Unicorn-43838.exe
2464	Unicorn-54699.exe
2684	Unicorn-13111.exe
1648	Unicorn-59188.exe
3024	Unicorn-43406.exe
316	Unicorn-24378.exe
1748	Unicorn-57797.exe
1792	Unicorn-37699.exe
640	Unicorn-21699.exe
1044	Unicorn-2670.exe
1336	Unicorn-6754.exe
2800	Unicorn-1279.exe
3048	Unicorn-21145.exe
2324	Unicorn-32005.exe
2724	Unicorn-21145.exe
408	Unicorn-50563.exe
2336	Unicorn-615.exe
1544	Unicorn-64761.exe
1620	Unicorn-37564.exe
1864	Unicorn-64014.exe
2484	Unicorn-48233.exe
1280	Unicorn-33288.exe
1048	Unicorn-35980.exe
3020	Unicorn-59930.exe
1428	Unicorn-5254.exe
884	Unicorn-47678.exe
1724	Unicorn-63220.exe
3012	Unicorn-16158.exe
2828	Unicorn-27018.exe
2872	Unicorn-12073.exe
2652	Unicorn-37132.exe
2528	Unicorn-56998.exe
2668	Unicorn-50454.exe
2520	Unicorn-45623.exe
3016	Unicorn-52400.exe
2292	Unicorn-10812.exe
1908	Unicorn-2644.exe
1936	Unicorn-1253.exe
1040	Unicorn-1253.exe
1612	Unicorn-60013.exe
476	Unicorn-26511.exe
2428	Unicorn-45540.exe
1320	Unicorn-14258.exe
2372	Unicorn-1814.exe
2284	Unicorn-51570.exe
376	Unicorn-12675.exe
1468	Unicorn-59183.exe
296	Unicorn-51015.exe
1356	Unicorn-4507.exe
832	Unicorn-46931.exe
680	Unicorn-34487.exe
1720	Unicorn-26319.exe
3036	Unicorn-10537.exe
872	Unicorn-2369.exe
2936	Unicorn-22235.exe
2992	Unicorn-55654.exe
2068	Unicorn-9982.exe
2592	Unicorn-20865.exe
2776	Unicorn-5083.exe
2948	Unicorn-12696.exe
1676	Unicorn-43423.exe

Loads dropped DLL 64 IoCs

pid	Process
1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
2452	Unicorn-26303.exe
2452	Unicorn-26303.exe
1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
1728	Unicorn-23179.exe
1728	Unicorn-23179.exe
2452	Unicorn-26303.exe
2452	Unicorn-26303.exe
2112	Unicorn-25871.exe
2112	Unicorn-25871.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2748	Unicorn-43838.exe
2748	Unicorn-43838.exe
1728	Unicorn-23179.exe
1728	Unicorn-23179.exe
2464	Unicorn-54699.exe
2464	Unicorn-54699.exe
2112	Unicorn-25871.exe
2112	Unicorn-25871.exe
2684	Unicorn-13111.exe
2684	Unicorn-13111.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
604	WerFault.exe
2176	WerFault.exe
604	WerFault.exe
1648	Unicorn-59188.exe
2748	Unicorn-43838.exe
2748	Unicorn-43838.exe
1648	Unicorn-59188.exe
3024	Unicorn-43406.exe
3024	Unicorn-43406.exe
2464	Unicorn-54699.exe
2464	Unicorn-54699.exe
316	Unicorn-24378.exe
1792	Unicorn-37699.exe
1792	Unicorn-37699.exe
2684	Unicorn-13111.exe
316	Unicorn-24378.exe
2684	Unicorn-13111.exe
524	WerFault.exe
524	WerFault.exe
524	WerFault.exe
524	WerFault.exe
524	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2660	1252	WerFault.exe	27
2508	2452	WerFault.exe	28
2176	1728	WerFault.exe	29
604	2112	WerFault.exe	30
524	2748	WerFault.exe	32
2564	2464	WerFault.exe	33
1084	2684	WerFault.exe	34
2996	1864	WerFault.exe	57
2000	1648	WerFault.exe	36
1704	3024	WerFault.exe	37
1848	1748	WerFault.exe	39
2476	316	WerFault.exe	38
1732	1792	WerFault.exe	40
2572	1044	WerFault.exe	43
1756	640	WerFault.exe	44
2728	2324	WerFault.exe	49
2704	3048	WerFault.exe	48
2852	1336	WerFault.exe	45
2892	2800	WerFault.exe	46
2204	1720	WerFault.exe	101
264	408	WerFault.exe	53
1096	2336	WerFault.exe	54
1400	1544	WerFault.exe	55
2960	1620	WerFault.exe	56
828	1280	WerFault.exe	60
1036	2484	WerFault.exe	59
1272	1048	WerFault.exe	61
3056	884	WerFault.exe	64
1640	3020	WerFault.exe	62
3000	1428	WerFault.exe	63
2956	2724	WerFault.exe	47
1752	1724	WerFault.exe	70
1384	2828	WerFault.exe	72
2740	3012	WerFault.exe	71
2136	2872	WerFault.exe	73
2820	2652	WerFault.exe	74
2640	2292	WerFault.exe	79
276	1936	WerFault.exe	81
2752	2668	WerFault.exe	76
3128	2528	WerFault.exe	75
3244	1040	WerFault.exe	82
3296	3016	WerFault.exe	78
3368	1908	WerFault.exe	80
3580	476	WerFault.exe	85
3592	2428	WerFault.exe	86
3804	1612	WerFault.exe	83
3292	1356	WerFault.exe	98
3344	3036	WerFault.exe	102
3408	2068	WerFault.exe	106
3424	2372	WerFault.exe	89
3492	2312	WerFault.exe	111
3516	2948	WerFault.exe	109
3632	2720	WerFault.exe	139
3648	832	WerFault.exe	99
3656	304	WerFault.exe	112
3676	2936	WerFault.exe	104
3708	2520	WerFault.exe	77
3332	1320	WerFault.exe	88
3896	680	WerFault.exe	100
3984	3500	WerFault.exe	183
4020	1468	WerFault.exe	96
4064	2592	WerFault.exe	107
4072	2436	WerFault.exe	127
3184	2140	WerFault.exe	128

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
2452	Unicorn-26303.exe
1728	Unicorn-23179.exe
2112	Unicorn-25871.exe
2748	Unicorn-43838.exe
2464	Unicorn-54699.exe
2684	Unicorn-13111.exe
1648	Unicorn-59188.exe
3024	Unicorn-43406.exe
1748	Unicorn-57797.exe
316	Unicorn-24378.exe
1792	Unicorn-37699.exe
640	Unicorn-21699.exe
1044	Unicorn-2670.exe
3048	Unicorn-21145.exe
2724	Unicorn-21145.exe
1336	Unicorn-6754.exe
2800	Unicorn-1279.exe
2324	Unicorn-32005.exe
408	Unicorn-50563.exe
2336	Unicorn-615.exe
1544	Unicorn-64761.exe
1620	Unicorn-37564.exe
1864	Unicorn-64014.exe
2484	Unicorn-48233.exe
1280	Unicorn-33288.exe
1048	Unicorn-35980.exe
3020	Unicorn-59930.exe
1428	Unicorn-5254.exe
884	Unicorn-47678.exe
1724	Unicorn-63220.exe
3012	Unicorn-16158.exe
2828	Unicorn-27018.exe
2872	Unicorn-12073.exe
2528	Unicorn-56998.exe
2652	Unicorn-37132.exe
2668	Unicorn-50454.exe
2520	Unicorn-45623.exe
3016	Unicorn-52400.exe
2292	Unicorn-10812.exe
1908	Unicorn-2644.exe
1936	Unicorn-1253.exe
1040	Unicorn-1253.exe
1612	Unicorn-60013.exe
476	Unicorn-26511.exe
2428	Unicorn-45540.exe
1320	Unicorn-14258.exe
2372	Unicorn-1814.exe
2284	Unicorn-51570.exe
376	Unicorn-12675.exe
296	Unicorn-51015.exe
1356	Unicorn-4507.exe
1468	Unicorn-59183.exe
680	Unicorn-34487.exe
832	Unicorn-46931.exe
3036	Unicorn-10537.exe
1720	Unicorn-26319.exe
2936	Unicorn-22235.exe
872	Unicorn-2369.exe
2068	Unicorn-9982.exe
2992	Unicorn-55654.exe
2592	Unicorn-20865.exe
2776	Unicorn-5083.exe
2948	Unicorn-12696.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2452	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	28
PID 1252 wrote to memory of 2452	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	28
PID 1252 wrote to memory of 2452	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	28
PID 1252 wrote to memory of 2452	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	28
PID 2452 wrote to memory of 1728	2452	Unicorn-26303.exe	29
PID 2452 wrote to memory of 1728	2452	Unicorn-26303.exe	29
PID 2452 wrote to memory of 1728	2452	Unicorn-26303.exe	29
PID 2452 wrote to memory of 1728	2452	Unicorn-26303.exe	29
PID 1252 wrote to memory of 2112	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	30
PID 1252 wrote to memory of 2112	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	30
PID 1252 wrote to memory of 2112	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	30
PID 1252 wrote to memory of 2112	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	30
PID 1252 wrote to memory of 2660	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	31
PID 1252 wrote to memory of 2660	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	31
PID 1252 wrote to memory of 2660	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	31
PID 1252 wrote to memory of 2660	1252	57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe	31
PID 1728 wrote to memory of 2748	1728	Unicorn-23179.exe	32
PID 1728 wrote to memory of 2748	1728	Unicorn-23179.exe	32
PID 1728 wrote to memory of 2748	1728	Unicorn-23179.exe	32
PID 1728 wrote to memory of 2748	1728	Unicorn-23179.exe	32
PID 2452 wrote to memory of 2464	2452	Unicorn-26303.exe	33
PID 2452 wrote to memory of 2464	2452	Unicorn-26303.exe	33
PID 2452 wrote to memory of 2464	2452	Unicorn-26303.exe	33
PID 2452 wrote to memory of 2464	2452	Unicorn-26303.exe	33
PID 2112 wrote to memory of 2684	2112	Unicorn-25871.exe	34
PID 2112 wrote to memory of 2684	2112	Unicorn-25871.exe	34
PID 2112 wrote to memory of 2684	2112	Unicorn-25871.exe	34
PID 2112 wrote to memory of 2684	2112	Unicorn-25871.exe	34
PID 2452 wrote to memory of 2508	2452	Unicorn-26303.exe	35
PID 2452 wrote to memory of 2508	2452	Unicorn-26303.exe	35
PID 2452 wrote to memory of 2508	2452	Unicorn-26303.exe	35
PID 2452 wrote to memory of 2508	2452	Unicorn-26303.exe	35
PID 2748 wrote to memory of 1648	2748	Unicorn-43838.exe	36
PID 2748 wrote to memory of 1648	2748	Unicorn-43838.exe	36
PID 2748 wrote to memory of 1648	2748	Unicorn-43838.exe	36
PID 2748 wrote to memory of 1648	2748	Unicorn-43838.exe	36
PID 1728 wrote to memory of 3024	1728	Unicorn-23179.exe	37
PID 1728 wrote to memory of 3024	1728	Unicorn-23179.exe	37
PID 1728 wrote to memory of 3024	1728	Unicorn-23179.exe	37
PID 1728 wrote to memory of 3024	1728	Unicorn-23179.exe	37
PID 2464 wrote to memory of 316	2464	Unicorn-54699.exe	38
PID 2464 wrote to memory of 316	2464	Unicorn-54699.exe	38
PID 2464 wrote to memory of 316	2464	Unicorn-54699.exe	38
PID 2464 wrote to memory of 316	2464	Unicorn-54699.exe	38
PID 2112 wrote to memory of 1748	2112	Unicorn-25871.exe	39
PID 2112 wrote to memory of 1748	2112	Unicorn-25871.exe	39
PID 2112 wrote to memory of 1748	2112	Unicorn-25871.exe	39
PID 2112 wrote to memory of 1748	2112	Unicorn-25871.exe	39
PID 2684 wrote to memory of 1792	2684	Unicorn-13111.exe	40
PID 2684 wrote to memory of 1792	2684	Unicorn-13111.exe	40
PID 2684 wrote to memory of 1792	2684	Unicorn-13111.exe	40
PID 2684 wrote to memory of 1792	2684	Unicorn-13111.exe	40
PID 1728 wrote to memory of 2176	1728	Unicorn-23179.exe	41
PID 1728 wrote to memory of 2176	1728	Unicorn-23179.exe	41
PID 1728 wrote to memory of 2176	1728	Unicorn-23179.exe	41
PID 1728 wrote to memory of 2176	1728	Unicorn-23179.exe	41
PID 2112 wrote to memory of 604	2112	Unicorn-25871.exe	42
PID 2112 wrote to memory of 604	2112	Unicorn-25871.exe	42
PID 2112 wrote to memory of 604	2112	Unicorn-25871.exe	42
PID 2112 wrote to memory of 604	2112	Unicorn-25871.exe	42
PID 2748 wrote to memory of 640	2748	Unicorn-43838.exe	44
PID 2748 wrote to memory of 640	2748	Unicorn-43838.exe	44
PID 2748 wrote to memory of 640	2748	Unicorn-43838.exe	44
PID 2748 wrote to memory of 640	2748	Unicorn-43838.exe	44

C:\Users\Admin\AppData\Local\Temp\57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe
"C:\Users\Admin\AppData\Local\Temp\57c855d30e6bfaf484317c758c2e60f5ab7d5215d2e9dfd8c466082c80eb797a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16158.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        11⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
        12⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61176.exe
        13⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        14⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        15⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
        15⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 236
        14⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        13⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        12⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
        11⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
        10⤵
        Program crash
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60781.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        10⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 200
        11⤵
        Program crash
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
        10⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        9⤵
        Program crash
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
        11⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        12⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        13⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        14⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24854.exe
        15⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        15⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        14⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        13⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        12⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        11⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47242.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        11⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19947.exe
        12⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe
        13⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
        14⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 236
        14⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        13⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        12⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 220
        9⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        8⤵
        Program crash
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        11⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        13⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        14⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39799.exe
        15⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 236
        15⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        14⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 236
        13⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        12⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        11⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        10⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21192.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        12⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63148.exe
        13⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
        14⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
        14⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        13⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        12⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        9⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2836.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41472.exe
        10⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 240
        11⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
        10⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        9⤵
        Program crash
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        Program crash
        
        PID:1384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        7⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64761.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60330.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
        11⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        12⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        13⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        14⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
        14⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
        13⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        12⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        11⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
        9⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19748.exe
        8⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-854.exe
        11⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-211.exe
        12⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        13⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        14⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 236
        14⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        13⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        12⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        11⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        9⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        8⤵
        Program crash
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        11⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63070.exe
        12⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        13⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        14⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 236
        14⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        13⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 236
        12⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        10⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        11⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        12⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
        13⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        12⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
        10⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
        8⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:1400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        6⤵
        Program crash
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51015.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        11⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-662.exe
        12⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        13⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        14⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
        15⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
        15⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        14⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        13⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        11⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22545.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21903.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23953.exe
        11⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        12⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36610.exe
        13⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62840.exe
        14⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
        14⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        13⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 236
        12⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        10⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36013.exe
        11⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        12⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
        13⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        14⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
        14⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        13⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        9⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        8⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63734.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        12⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        13⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        14⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
        14⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        13⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        11⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        10⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 216
        8⤵
        Program crash
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        Program crash
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34487.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        11⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
        13⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        13⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
        12⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 216
        8⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11160.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
        11⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3662.exe
        12⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
        13⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 236
        13⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
        12⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        Program crash
        
        PID:2752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 240
        6⤵
        Program crash
        
        PID:1756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        10⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        11⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        12⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37990.exe
        13⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9225.exe
        14⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        15⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
        15⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        14⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 236
        13⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        12⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        11⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        12⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9033.exe
        13⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        14⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        14⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        13⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        9⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        9⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        8⤵
        Program crash
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        8⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40081.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        10⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6116.exe
        11⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        12⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        13⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        14⤵
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 236
        14⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        13⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        11⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55504.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
        12⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        13⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        12⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        11⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        9⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        8⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 220
        7⤵
        Program crash
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        10⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        11⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        12⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        13⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53997.exe
        14⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 216
        14⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        13⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        12⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        9⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        8⤵
        Program crash
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38815.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2847.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        12⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        13⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        12⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
        11⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        8⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        7⤵
        Program crash
        
        PID:3244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        6⤵
        Program crash
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49920.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36765.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63122.exe
        11⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        12⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        13⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
        13⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        12⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        8⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9634.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19744.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
        11⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        12⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1470.exe
        13⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
        12⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        11⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        8⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        7⤵
        Program crash
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
        6⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54850.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        10⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        11⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
        12⤵
        
        PID:10796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35378.exe
        13⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        12⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 216
        7⤵
        Program crash
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        6⤵
        Program crash
        
        PID:3000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        5⤵
        Program crash
        
        PID:1704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 188
        7⤵
        Program crash
        
        PID:2996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        6⤵
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        11⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20663.exe
        12⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        13⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        13⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        12⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
        8⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        7⤵
        Program crash
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13163.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
        12⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        13⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 236
        13⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 236
        12⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 236
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        9⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        11⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        12⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 236
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        11⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        10⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        8⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
        7⤵
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        6⤵
        Program crash
        
        PID:1036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        5⤵
        Program crash
        
        PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38047.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54487.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34337.exe
        11⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        13⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        13⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        12⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        11⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50403.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        11⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        11⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        9⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        8⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        7⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        6⤵
        Program crash
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        6⤵
        Executes dropped EXE
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        11⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34044.exe
        13⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        13⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 236
        12⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        11⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8155.exe
        7⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10937.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        11⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        11⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        10⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        8⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        7⤵
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        6⤵
        Program crash
        
        PID:276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        5⤵
        Program crash
        
        PID:2892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2564
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26319.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 200
        9⤵
        Program crash
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        8⤵
        Program crash
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        10⤵
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 240
        11⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        10⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20023.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
        11⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50621.exe
        12⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
        13⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        13⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
        12⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        8⤵
        Program crash
        
        PID:3344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        7⤵
        Program crash
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16065.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
        12⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36234.exe
        13⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
        13⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        12⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        11⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        9⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
        7⤵
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        8⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        7⤵
        Program crash
        
        PID:3296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        6⤵
        Program crash
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        6⤵
        Program crash
        
        PID:1272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        5⤵
        Program crash
        
        PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50470.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        11⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        11⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
        10⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3127.exe
        8⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        9⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26828.exe
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 220
        11⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
        10⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        9⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        8⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        7⤵
        
        PID:4440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        6⤵
        Program crash
        
        PID:2820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        5⤵
        Program crash
        
        PID:2728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        10⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8877.exe
        11⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13724.exe
        12⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
        13⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        14⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        14⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        13⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
        10⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        12⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        11⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28120.exe
        10⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
        12⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
        13⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
        13⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
        12⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        11⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
        10⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        8⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 240
        7⤵
        Program crash
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43781.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45883.exe
        10⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
        11⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        12⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
        8⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        9⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41519.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16657.exe
        11⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        10⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        9⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        8⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        
        PID:4236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        6⤵
        Program crash
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32816.exe
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38618.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        12⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
        13⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
        11⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        7⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        10⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
        11⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        12⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        10⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        9⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        7⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30159.exe
        7⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25987.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        9⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        10⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        11⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20246.exe
        12⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 236
        12⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 236
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        9⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        8⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        7⤵
        
        PID:4904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        6⤵
        Program crash
        
        PID:3592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 240
        5⤵
        Program crash
        
        PID:264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
      4⤵
      Program crash
      PID:1848
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
  2⤵
  - Program crash
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe

Filesize
184KB

MD5
ce6aa0e34fe0459326b5bd2a636ac1a3

SHA1
3931f9b6cc8251c200f18c4566b52e3c6169472d

SHA256
040811fce2793ee27109da6960da6971c0e25a456c6d9680d267c988fd138f7a

SHA512
007820061cd0563ae87698bda4c0c2fd8f4dcf54d00fe1e92e066571c3a0509958909d0e1307047ccc255a891e6d4fd46760e7f14dad565384996ecedf35f984

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21699.exe

Filesize
184KB

MD5
0108f446cb6fcfbf25b0cfe2f4052a2f

SHA1
c9fa8a6ee0f085fe227064cd3d03b64d28ccde3b

SHA256
11b17d310cfa242a8afe70f3538a7676cfced53d2b99d001496c82f4ab796637

SHA512
20c05c41e3be46601918ebde565f8f3dc02c8da3caef5615a5ac4b0a5ecce3389b9dfbbe158144982ea2d7f85b7eb5c4a3e5ce3cb8951f5c4887fd3ef5d2eba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe

Filesize
184KB

MD5
26ef53077bb05c75236cff4ca1c889a2

SHA1
3a81d88219f179f66064df8073752b209211bc7c

SHA256
d3bf4e8d54a7fcfa5c4b47ee141e0b7f92b54c3d24dd4f9ba58defed4d64905d

SHA512
d09803702f709b7b4b74ffb09fb3e409c6e6a738d6e3d1c24a5a3d022a9a147abdeb6f8d44540df8c4b407df85966ebf899dd40f48dce58468103d7a066a6230

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe

Filesize
184KB

MD5
b58285425997a8ec190b39033659876f

SHA1
2e6783b4f2ad07e41a4eabeea9026f8d6cb27c4e

SHA256
e718c4025f312db98d4c42a5b56fefad5c8a608360cc60670199e8b071c27d4b

SHA512
31c5d4e72ef4f43ed3abc2236e5272ec163d5f5b21378060574c93397d0a3f161e373c0bb15d999e2472fe449443e2cdbd0a07f7bf9e53d8190b16a6780d8c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe

Filesize
184KB

MD5
396e88e868be995222b310301913189d

SHA1
d549ed64dcc53adea04667e9dc0dc942b17b511d

SHA256
6af152f99ff474f38eed3614871d5efcfd7e6346a9a234c7191d70a615145551

SHA512
ed223426a6e5c273368d60e93868d00411f3e96fdff05d0ed58bf0616af60b9fc2ba060b38f319ce2d995c64d2f2ec8cc3a686abcfd1cd2d1370aa39fec44906

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe

Filesize
184KB

MD5
2ea0629d1e601332ba4d21d01cba4457

SHA1
a8d157f4337383537d0cf07f4108a92b571c41f3

SHA256
d670fef8153e88d39a6d9e155e67511cead8e7f2dd047e32299164a050aa2c33

SHA512
bed24c538ebabef730e22639a47ddf95f4cc4c9f5463298bf5b5277fbf121cbc393fb766815b43e725806514c6cc2e6a3840946a1eae46e51285305552d46f67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe

Filesize
184KB

MD5
c98dd89cb48e725a9d3e1a7e9dcb1c1d

SHA1
8a780997fa0d8b472a0381eb43375c2fbb1b6233

SHA256
b4babf2623c455dc274d780218342f70702aa4f946c461c74544700430f4b2ba

SHA512
cb527f65b89af5884ba2019194bacf62ed6b9cbb6dcd845956ad770032cb25943c862460ae0c072f065609cf43e4dc06d551332cd1652a33b48f8a53cd45af7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe

Filesize
184KB

MD5
06bfe5e88c31ff78f698d09b4bd7216f

SHA1
6f09d15b78826b9fb6143710447f3cac0353dbac

SHA256
1306c4bef07932ff0a88dd7a36584af55a81949b9590dad47b2e2cf248673f42

SHA512
b52eb3dc1438d77f1ff13d65c2973d59958d05fdd048287b1ce3f7b1d3432cd5dfc709df7ae72c813c376e2ecf51422e315fc118263e9da90e292ce78d2f4b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe

Filesize
184KB

MD5
c0c5133c1b44dd4a869a7e526b3da1e0

SHA1
9597172661385cd2adb88fbfac4f08d60db7dbac

SHA256
beb8a9b0d13638b8684a8dc693a52e87e16354303e801f1a19f8298131f069f8

SHA512
be24c2f969838c8131c62ca152ecb7a23c31661e7ed51d24036a86368c76109b22db4a73b12c74a14017eb3f392fcd0aaefafaf7791c570ffecd3752f9598775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe

Filesize
184KB

MD5
8676ca9bff146686162fdb49756a3bec

SHA1
48862f693d047655bbeed5690593841a910348ca

SHA256
2f801442bf18ab48643a35b992325836b82c6c2c06ea7c26a5c727e39716685e

SHA512
fea5fa864e80fbac270c013b1a5c6675814bba88e7521599b928320cafe3dc6b718695e35136eac05b5b01213cda546ba8a108e2acda6febabfb67ba7d0db19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe

Filesize
184KB

MD5
9ce8f6f05ce368c92efc2d46a64754c9

SHA1
c0f7b389c91bfdc1d1fa340d63fe7df4dbdaad00

SHA256
99989677d0db7aa0e2063d1f681f9cd309bad5a9ba8df6741cf2d95d68a8509f

SHA512
4d10ccf2ad097a51e5b77538b969f7ab61b48c666fbf9a59440184333791f22f4033b678474c8ca90bd2c398850641d3884c40682e985c946780e1783ee3f8ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52754.exe

Filesize
184KB

MD5
636db07d81aa207da0b65ddc4437e351

SHA1
c6d24a6fcb7d0806b83a67fb9d37c09b056dcdca

SHA256
ff9be83ab327f49246a0da828f2273ce74b6fa64ed5b089f4efd38700227d81c

SHA512
8e1edd40bac26300a78cec81061fb26faab452ca5225b61d5edbf060c7ad3facc86b768c64404b58953d0ecb7d15bbba68d050e3f5a896dd5fa39832562ffbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe

Filesize
184KB

MD5
29969490bbd7832467f8f1f1591f63cb

SHA1
50642f75cc5896ca5f79b92db90a815f278460ea

SHA256
b95fd4d09aac86aecc74f4d66132f9a2f56d718fdb79caa60767cab0c4820b2c

SHA512
b20f0e359465a7b76c2e2fad6918e86d8dc5aa103684471b8dd8010d47a375222b86edf6a895f14d35b67cb2a1d701db8d585e3b63cec1247ee5a4053b663585

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe

Filesize
184KB

MD5
a26d6d346df05f2931a31e2963550caf

SHA1
011a2e624e84a14a5cbc6c8342f24fe49ac20a28

SHA256
efc34197e9eb35ca6e9622d542bf04e4c11be66dd1bed63b3e7deccd5b7cf816

SHA512
8c9bedbd597702fe396d83dfc8a43e14a0729804cae9810166d989fa7dd6e995f02b52b21f1168d158de161297f25d5ee79ded7455743d5e552de1e3e10c2dbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe

Filesize
184KB

MD5
83e73edd7c4db2f2893114659b319b75

SHA1
214044f2656b821a699d017019d5d430482ca210

SHA256
bb6e20c976d193e6e1bc7ad09fac93531f49f5b4f970895422238a6087b16821

SHA512
1982dd0053407cacb22d8401d1d89510eec58c99a211151c1d329471989605ba243bcc5789815ca98554fe6a41f42007b4e7a480e581e2b7a680d4ef50f72d59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe

Filesize
184KB

MD5
3c969ab273b17005265b3ada91bdcf9c

SHA1
10197eeb8030f6009a86a303e328d7778442551c

SHA256
1995963f7ae9ca247d693f5d071cb7469065c873dc976c2e6b5950c589552dfc

SHA512
7a2f1a2f55253c88cc6284927b353cb8fdfbbea19ef097753895283269bff660057d0682d190c520c75dd65821952eb85c558d329c859b70068efeca402c0dcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24378.exe

Filesize
184KB

MD5
f0840b230046a2aaacc528624a4369c8

SHA1
7f6ecbe1b3c9461da9ab9d003f7372aecce25e47

SHA256
4a1da51eb7d6071b1f32cf45649a4ec6c813a9abd917f2999a91a5dd189ef259

SHA512
b167e49737264283e9f895bf625e048b7b43b667ab7a2d479391fda44d4e4c1e6f2c47c79b99418e0700d00fb8446ee409abdf53064d2ca14e6dfe389e1c10ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe

Filesize
184KB

MD5
ad0f3ca931e087e7fc3df504a1890d4c

SHA1
d7d7d817d310a3aecd06e3ad935b82bbe6f313a0

SHA256
bfbd6a2e5b19eeb1e1e83e48641f5899446636099ccf0d30ed8f51d7464cc689

SHA512
166e0ea6670a1ba712c33ad4921491b45febba5bace14e4db95a965775a85c5c318f7c58927dc948f8a4243826099b3714a5ecc51e07fd2eb2437bd03deb3895

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe

Filesize
184KB

MD5
1e4e3596c2840bdfb0561715f09485b4

SHA1
0423a956f3059f379000358cd5793f190d226afa

SHA256
5b824f6e14e81c7bb43bb59882b44fd818e87f22af543b84e0de309c7b5f9188

SHA512
26822c22c2c68c85adba3cbeae040cdd5dfea65594a016c352b8d3872088b0d1d6f8874a9fb7d1da5ead89fdf4352e88b13dad080a11f082aa9e0a30de1dc69f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe

Filesize
184KB

MD5
713d2d94db6a7a43614d4a2752b2e0f2

SHA1
ba7b91ad26412b8766d1d8a59e7907a358401f5f

SHA256
551ab78e97a1ff0bc5bbf2568727a67b85cfd2b39c8c9083f5971b1ff4e3aff2

SHA512
ed1ccafb756eea2070b7ec1eda1134d7056d87c8f60e026291ab19c8ecb8985532b93cbbdc8459972da0ede6ad825e5ab2dcc121b4558585bdbefa6408e2bd16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe

Filesize
184KB

MD5
d8670a954fde51090765ff4b200c370c

SHA1
b5f38233ef57816732b22438c78d200917aef555

SHA256
ce562f5286663af334710baf3ad9c47fa4ec3b9ab61403a429bc0eede5122e74

SHA512
8676859931d232c740d7f86aa3d2e4163f45cc6792428c7b657b1b2567db6db828171c782f542298d5e7822350e2d6e8d0d31914e0a8efe05a0509117374d5ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe

Filesize
184KB

MD5
bb7813aead568ed9801bd4b5b07a967f

SHA1
0c31a9db49ba720e2de68dcb60a06def603fb729

SHA256
8421e2e86e0a8d86e83f10d5dd20185ce849ab2dd794c07e047496aa238c3985

SHA512
89de5469f20d63b7d6fb385efddbadf1398d599cfe62338e319c0c482234e5eb32452ecd53d74d6c6371910fa053af36f7710371a052da1c12484e8d4e49e530

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe

Filesize
184KB

MD5
2014988ef81d2d3915bf7aaeec3009cf

SHA1
bb144b6b4798f231926f1ed06549dbce087ba75f

SHA256
a9ddd70942c9878b08cdba9c217cb6dee4c879b0896a8122d15f5db2ff461478

SHA512
88afe6a9fb095b5c9fb313fc52a6c0e9ec462da544fced4853c9d9d22a73e2431373f59667b77be3aa63efa9ed4e30544303949525b100cfc7d31ce0c670652d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe

Filesize
184KB

MD5
f4c188eb14dd5c2fe3eca8e7e5f1c233

SHA1
45d51627efcb3777d409b1fc209a101671957cc3

SHA256
dae10d9bab9af277968d8726cc39c50f3b8d040bafb2a89888254fa245a8c2ab

SHA512
128fd21641344c3478d7b284f7581faa75d159a5ff2e1005cd254660d9ac47946d96540f4d55b2c59315299437965ac20b04cce7b1c1d316422edd4c7ba42111

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads