65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
Size

184KB
MD5

48a0f231423791825878fa2866c7346a
SHA1

e0cf4ca2c5f5e358682cd60cbd9ceff7941560b9
SHA256

65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee
SHA512

dc14a51891c7aaefda81d2c24e8f92ccd26121999fca65a8e7f55a4cd843c07ec47ab28f8419c673d7263e22dc376a6fa39ef863324f680c7c9ec96e292c919a
SSDEEP

3072:BJ538xoTYNFcwH64eh3LRKs9+lnViFxn3:BJ4oAVH6pLYs9+lnViFx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2936	Unicorn-5664.exe
2616	Unicorn-61725.exe
2620	Unicorn-16054.exe
2876	Unicorn-39572.exe
2412	Unicorn-33027.exe
2464	Unicorn-52893.exe
1388	Unicorn-41793.exe
1828	Unicorn-17843.exe
1620	Unicorn-33625.exe
2372	Unicorn-64351.exe
1576	Unicorn-9483.exe
2052	Unicorn-52182.exe
2508	Unicorn-32316.exe
580	Unicorn-13095.exe
524	Unicorn-54683.exe
1124	Unicorn-4927.exe
1972	Unicorn-31570.exe
1636	Unicorn-24518.exe
3068	Unicorn-16350.exe
1300	Unicorn-57937.exe
2160	Unicorn-25587.exe
940	Unicorn-53853.exe
2796	Unicorn-4673.exe
920	Unicorn-50345.exe
3016	Unicorn-35400.exe
2984	Unicorn-48721.exe
1432	Unicorn-28855.exe
2864	Unicorn-96.exe
2924	Unicorn-10957.exe
1892	Unicorn-22655.exe
2612	Unicorn-30007.exe
2692	Unicorn-10978.exe
2056	Unicorn-6894.exe
2436	Unicorn-29453.exe
2468	Unicorn-5503.exe
2408	Unicorn-56095.exe
1884	Unicorn-1227.exe
1572	Unicorn-17009.exe
1468	Unicorn-17009.exe
2332	Unicorn-58596.exe
1440	Unicorn-12924.exe
2176	Unicorn-43651.exe
1016	Unicorn-23785.exe
2008	Unicorn-56157.exe
2780	Unicorn-41212.exe
1320	Unicorn-48565.exe
2908	Unicorn-2893.exe
1144	Unicorn-60262.exe
3032	Unicorn-48010.exe
972	Unicorn-58871.exe
1496	Unicorn-13199.exe
320	Unicorn-24060.exe
1964	Unicorn-755.exe
1692	Unicorn-7532.exe
2384	Unicorn-27398.exe
996	Unicorn-21176.exe
2108	Unicorn-51902.exe
2960	Unicorn-51902.exe
2900	Unicorn-32036.exe
1616	Unicorn-17092.exe
2420	Unicorn-58679.exe
2756	Unicorn-13007.exe
2524	Unicorn-23868.exe
3024	Unicorn-8923.exe

Loads dropped DLL 64 IoCs

pid	Process
1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
2936	Unicorn-5664.exe
1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
2936	Unicorn-5664.exe
2620	Unicorn-16054.exe
2620	Unicorn-16054.exe
2936	Unicorn-5664.exe
2936	Unicorn-5664.exe
2616	Unicorn-61725.exe
2616	Unicorn-61725.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2876	Unicorn-39572.exe
2876	Unicorn-39572.exe
2620	Unicorn-16054.exe
2620	Unicorn-16054.exe
2412	Unicorn-33027.exe
2412	Unicorn-33027.exe
2464	Unicorn-52893.exe
2464	Unicorn-52893.exe
2616	Unicorn-61725.exe
2616	Unicorn-61725.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1360	WerFault.exe
1360	WerFault.exe
1360	WerFault.exe
1360	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1360	WerFault.exe
1708	WerFault.exe
1388	Unicorn-41793.exe
2876	Unicorn-39572.exe
1388	Unicorn-41793.exe
2876	Unicorn-39572.exe
1620	Unicorn-33625.exe
1620	Unicorn-33625.exe
2412	Unicorn-33027.exe
2412	Unicorn-33027.exe
1828	Unicorn-17843.exe
1828	Unicorn-17843.exe
1576	Unicorn-9483.exe
1576	Unicorn-9483.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
956	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2116	1888	WerFault.exe	27
2296	2936	WerFault.exe	28
1676	2372	WerFault.exe	39
1360	2620	WerFault.exe	30
1708	2616	WerFault.exe	29
956	2876	WerFault.exe	32
1988	2412	WerFault.exe	33
2044	1388	WerFault.exe	36
880	1620	WerFault.exe	38
2204	1828	WerFault.exe	37
2868	1576	WerFault.exe	40
1696	2464	WerFault.exe	34
1944	2508	WerFault.exe	45
844	580	WerFault.exe	46
1236	2052	WerFault.exe	44
2132	1124	WerFault.exe	48
268	524	WerFault.exe	47
2148	1972	WerFault.exe	49
1948	1636	WerFault.exe	52
2328	3068	WerFault.exe	53
2288	1300	WerFault.exe	54
2396	940	WerFault.exe	56
2784	2796	WerFault.exe	57
772	2160	WerFault.exe	55
1812	920	WerFault.exe	58
656	1432	WerFault.exe	61
2596	2984	WerFault.exe	60
2956	3016	WerFault.exe	59
1524	912	WerFault.exe	139
2668	2864	WerFault.exe	66
2552	2924	WerFault.exe	67
2564	1892	WerFault.exe	68
2844	2612	WerFault.exe	69
2840	2324	WerFault.exe	115
2712	2692	WerFault.exe	70
2684	2056	WerFault.exe	71
1556	2468	WerFault.exe	73
3188	2408	WerFault.exe	74
3196	2176	WerFault.exe	80
3220	1884	WerFault.exe	75
3212	2332	WerFault.exe	79
3204	1468	WerFault.exe	77
3244	1440	WerFault.exe	78
3284	1572	WerFault.exe	76
3292	1016	WerFault.exe	81
3432	2516	WerFault.exe	129
3260	2008	WerFault.exe	87
3484	2780	WerFault.exe	88
3712	1320	WerFault.exe	91
3680	1144	WerFault.exe	93
3836	1692	WerFault.exe	99
3176	972	WerFault.exe	96
3708	320	WerFault.exe	97
3360	2756	WerFault.exe	107
3696	2632	WerFault.exe	109
3800	2960	WerFault.exe	103
1560	2108	WerFault.exe	102
3136	2908	WerFault.exe	92
3228	1616	WerFault.exe	105
3536	2420	WerFault.exe	106
3156	1668	WerFault.exe	111
4124	1332	WerFault.exe	123
4180	2672	WerFault.exe	130
4196	996	WerFault.exe	101

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
2936	Unicorn-5664.exe
2616	Unicorn-61725.exe
2620	Unicorn-16054.exe
2876	Unicorn-39572.exe
2412	Unicorn-33027.exe
2464	Unicorn-52893.exe
1388	Unicorn-41793.exe
1828	Unicorn-17843.exe
1620	Unicorn-33625.exe
2372	Unicorn-64351.exe
1576	Unicorn-9483.exe
2508	Unicorn-32316.exe
2052	Unicorn-52182.exe
580	Unicorn-13095.exe
524	Unicorn-54683.exe
1972	Unicorn-31570.exe
1124	Unicorn-4927.exe
1636	Unicorn-24518.exe
3068	Unicorn-16350.exe
1300	Unicorn-57937.exe
940	Unicorn-53853.exe
2160	Unicorn-25587.exe
2796	Unicorn-4673.exe
920	Unicorn-50345.exe
2984	Unicorn-48721.exe
3016	Unicorn-35400.exe
1432	Unicorn-28855.exe
2864	Unicorn-96.exe
2924	Unicorn-10957.exe
1892	Unicorn-22655.exe
2612	Unicorn-30007.exe
2692	Unicorn-10978.exe
2056	Unicorn-6894.exe
2436	Unicorn-29453.exe
2468	Unicorn-5503.exe
1884	Unicorn-1227.exe
1572	Unicorn-17009.exe
2408	Unicorn-56095.exe
1468	Unicorn-17009.exe
2332	Unicorn-58596.exe
1440	Unicorn-12924.exe
1016	Unicorn-23785.exe
2176	Unicorn-43651.exe
2008	Unicorn-56157.exe
2780	Unicorn-41212.exe
1320	Unicorn-48565.exe
2908	Unicorn-2893.exe
1144	Unicorn-60262.exe
3032	Unicorn-48010.exe
1496	Unicorn-13199.exe
972	Unicorn-58871.exe
320	Unicorn-24060.exe
1964	Unicorn-755.exe
1692	Unicorn-7532.exe
2384	Unicorn-27398.exe
2756	Unicorn-13007.exe
1616	Unicorn-17092.exe
996	Unicorn-21176.exe
2960	Unicorn-51902.exe
2900	Unicorn-32036.exe
2108	Unicorn-51902.exe
2420	Unicorn-58679.exe
2524	Unicorn-23868.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2936	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	28
PID 1888 wrote to memory of 2936	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	28
PID 1888 wrote to memory of 2936	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	28
PID 1888 wrote to memory of 2936	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	28
PID 1888 wrote to memory of 2616	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	29
PID 1888 wrote to memory of 2616	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	29
PID 1888 wrote to memory of 2616	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	29
PID 1888 wrote to memory of 2616	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	29
PID 2936 wrote to memory of 2620	2936	Unicorn-5664.exe	30
PID 2936 wrote to memory of 2620	2936	Unicorn-5664.exe	30
PID 2936 wrote to memory of 2620	2936	Unicorn-5664.exe	30
PID 2936 wrote to memory of 2620	2936	Unicorn-5664.exe	30
PID 1888 wrote to memory of 2116	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	31
PID 1888 wrote to memory of 2116	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	31
PID 1888 wrote to memory of 2116	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	31
PID 1888 wrote to memory of 2116	1888	65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe	31
PID 2620 wrote to memory of 2876	2620	Unicorn-16054.exe	32
PID 2620 wrote to memory of 2876	2620	Unicorn-16054.exe	32
PID 2620 wrote to memory of 2876	2620	Unicorn-16054.exe	32
PID 2620 wrote to memory of 2876	2620	Unicorn-16054.exe	32
PID 2936 wrote to memory of 2412	2936	Unicorn-5664.exe	33
PID 2936 wrote to memory of 2412	2936	Unicorn-5664.exe	33
PID 2936 wrote to memory of 2412	2936	Unicorn-5664.exe	33
PID 2936 wrote to memory of 2412	2936	Unicorn-5664.exe	33
PID 2616 wrote to memory of 2464	2616	Unicorn-61725.exe	34
PID 2616 wrote to memory of 2464	2616	Unicorn-61725.exe	34
PID 2616 wrote to memory of 2464	2616	Unicorn-61725.exe	34
PID 2616 wrote to memory of 2464	2616	Unicorn-61725.exe	34
PID 2936 wrote to memory of 2296	2936	Unicorn-5664.exe	35
PID 2936 wrote to memory of 2296	2936	Unicorn-5664.exe	35
PID 2936 wrote to memory of 2296	2936	Unicorn-5664.exe	35
PID 2936 wrote to memory of 2296	2936	Unicorn-5664.exe	35
PID 2876 wrote to memory of 1388	2876	Unicorn-39572.exe	36
PID 2876 wrote to memory of 1388	2876	Unicorn-39572.exe	36
PID 2876 wrote to memory of 1388	2876	Unicorn-39572.exe	36
PID 2876 wrote to memory of 1388	2876	Unicorn-39572.exe	36
PID 2620 wrote to memory of 1828	2620	Unicorn-16054.exe	37
PID 2620 wrote to memory of 1828	2620	Unicorn-16054.exe	37
PID 2620 wrote to memory of 1828	2620	Unicorn-16054.exe	37
PID 2620 wrote to memory of 1828	2620	Unicorn-16054.exe	37
PID 2412 wrote to memory of 1620	2412	Unicorn-33027.exe	38
PID 2412 wrote to memory of 1620	2412	Unicorn-33027.exe	38
PID 2412 wrote to memory of 1620	2412	Unicorn-33027.exe	38
PID 2412 wrote to memory of 1620	2412	Unicorn-33027.exe	38
PID 2464 wrote to memory of 2372	2464	Unicorn-52893.exe	39
PID 2464 wrote to memory of 2372	2464	Unicorn-52893.exe	39
PID 2464 wrote to memory of 2372	2464	Unicorn-52893.exe	39
PID 2464 wrote to memory of 2372	2464	Unicorn-52893.exe	39
PID 2616 wrote to memory of 1576	2616	Unicorn-61725.exe	40
PID 2616 wrote to memory of 1576	2616	Unicorn-61725.exe	40
PID 2616 wrote to memory of 1576	2616	Unicorn-61725.exe	40
PID 2616 wrote to memory of 1576	2616	Unicorn-61725.exe	40
PID 2372 wrote to memory of 1676	2372	Unicorn-64351.exe	41
PID 2372 wrote to memory of 1676	2372	Unicorn-64351.exe	41
PID 2372 wrote to memory of 1676	2372	Unicorn-64351.exe	41
PID 2372 wrote to memory of 1676	2372	Unicorn-64351.exe	41
PID 2620 wrote to memory of 1360	2620	Unicorn-16054.exe	42
PID 2620 wrote to memory of 1360	2620	Unicorn-16054.exe	42
PID 2620 wrote to memory of 1360	2620	Unicorn-16054.exe	42
PID 2620 wrote to memory of 1360	2620	Unicorn-16054.exe	42
PID 2616 wrote to memory of 1708	2616	Unicorn-61725.exe	43
PID 2616 wrote to memory of 1708	2616	Unicorn-61725.exe	43
PID 2616 wrote to memory of 1708	2616	Unicorn-61725.exe	43
PID 2616 wrote to memory of 1708	2616	Unicorn-61725.exe	43

C:\Users\Admin\AppData\Local\Temp\65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe
"C:\Users\Admin\AppData\Local\Temp\65229dc6e6ee39d7adec7e26101ab5c2063ebee3abfbba50cd4e3190279c4aee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        10⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        11⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        12⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
        13⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        14⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        15⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
        15⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        14⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        13⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        12⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        11⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        12⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        13⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        14⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 220
        14⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        13⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        12⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        10⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        9⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
        9⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        11⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        12⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        13⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        14⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        14⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 236
        13⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        11⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9686.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        11⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        12⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        13⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
        12⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        9⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        8⤵
        Program crash
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        10⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        11⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        12⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        13⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        14⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        13⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        11⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        10⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        11⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        12⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62956.exe
        13⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
        13⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 220
        12⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        10⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        9⤵
        Program crash
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        12⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        13⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 204
        13⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        12⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        11⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        9⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        8⤵
        Program crash
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        7⤵
        Program crash
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61222.exe
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        10⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        11⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47123.exe
        12⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
        13⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        14⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        14⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 236
        13⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        11⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        10⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5794.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        11⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 208
        12⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 220
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4320.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41783.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        11⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18670.exe
        12⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        13⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
        13⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        11⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        9⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        8⤵
        Program crash
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        12⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
        13⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        12⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        11⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
        12⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        12⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 220
        9⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48882.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        11⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37793.exe
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        12⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        9⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        8⤵
        Program crash
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        7⤵
        Program crash
        
        PID:2396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
        6⤵
        Program crash
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-96.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        8⤵
        Program crash
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        8⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        9⤵
        Program crash
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13043.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45208.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
        11⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        12⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
        13⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 220
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        7⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63360.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
        11⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50823.exe
        12⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
        13⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        14⤵
        
        PID:1220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        14⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 236
        13⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
        12⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        11⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        10⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        9⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10070.exe
        10⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        12⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
        13⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 204
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        12⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        9⤵
        Program crash
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61539.exe
        12⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        13⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        13⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 220
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        11⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        10⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        11⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
        12⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
        13⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
        13⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 220
        12⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        11⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        11⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        12⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        11⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
        8⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        7⤵
        Program crash
        
        PID:2552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8513.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        11⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 300
        12⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        11⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 216
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38851.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        11⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
        12⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
        13⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 220
        11⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
        10⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        8⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 180
        9⤵
        Program crash
        
        PID:1524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7532.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        9⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        10⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31425.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
        12⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 220
        13⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24356.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
        11⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        12⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
        11⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29879.exe
        11⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 236
        12⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        8⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        7⤵
        Program crash
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7740.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        11⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        12⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        13⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 204
        13⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 220
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34959.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        10⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
        11⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 224
        12⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        11⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        10⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        9⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        8⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
        10⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        11⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        12⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 236
        12⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        11⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        10⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        Program crash
        
        PID:1556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        6⤵
        Program crash
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31709.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52904.exe
        11⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        12⤵
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 236
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61284.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
        8⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        7⤵
        Program crash
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54595.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
        11⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        12⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        11⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5451.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        10⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54046.exe
        11⤵
        
        PID:2280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
        11⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        9⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        8⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
        7⤵
        Program crash
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
        6⤵
        Program crash
        
        PID:1812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        5⤵
        Program crash
        
        PID:2204
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2893.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34580.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16485.exe
        11⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        12⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        13⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
        14⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
        14⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 236
        13⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        12⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21979.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        11⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
        12⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        13⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
        13⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        11⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
        9⤵
        Program crash
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        11⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        12⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        13⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 220
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        12⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
        11⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        Program crash
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        8⤵
        Program crash
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33340.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        11⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        12⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        13⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        14⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 236
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        12⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51046.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54653.exe
        12⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 236
        12⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        11⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29396.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        11⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9728.exe
        12⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        8⤵
        Program crash
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        7⤵
        Program crash
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40885.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        10⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        11⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        12⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61394.exe
        13⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        14⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
        14⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 236
        13⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
        12⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5690.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 220
        12⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
        11⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
        11⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 220
        12⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        11⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 220
        10⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        11⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
        12⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        13⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
        13⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        12⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
        11⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 236
        11⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 220
        10⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54097.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        11⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        12⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        11⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        10⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        7⤵
        Program crash
        
        PID:2844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
        6⤵
        Program crash
        
        PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26153.exe
        12⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        13⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 204
        13⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        12⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        11⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36843.exe
        11⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        12⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 204
        12⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        11⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
        10⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        8⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        7⤵
        
        PID:2516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
        8⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        10⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        11⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 236
        11⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        10⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        9⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        6⤵
        Program crash
        
        PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        5⤵
        Program crash
        
        PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50719.exe
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        12⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        13⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
        13⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        11⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        10⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
        9⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52276.exe
        10⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        11⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        12⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        11⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        10⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        8⤵
        Program crash
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        10⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26921.exe
        11⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
        12⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        11⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        8⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        7⤵
        Program crash
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62867.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        10⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        11⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        12⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 220
        11⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        9⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49323.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33143.exe
        10⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        11⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 220
        10⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 240
        9⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        8⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        7⤵
        
        PID:5200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        6⤵
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        6⤵
        Executes dropped EXE
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        11⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        12⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 204
        12⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 220
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31856.exe
        9⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
        10⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        11⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        11⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        10⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        9⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        8⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        7⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30870.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
        10⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44721.exe
        11⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
        11⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 220
        10⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        9⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        8⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        7⤵
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        6⤵
        Program crash
        
        PID:3292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 240
        5⤵
        Program crash
        
        PID:268
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 188
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
      4⤵
      Program crash
      PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        11⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        12⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        13⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        12⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        11⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14221.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        10⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
        11⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        12⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 220
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        8⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
        7⤵
        Program crash
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        11⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5886.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 236
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11673.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        9⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        10⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30536.exe
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        10⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        9⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        8⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        
        PID:4712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        6⤵
        Program crash
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42743.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
        10⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        11⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
        8⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30595.exe
        9⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
        10⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51005.exe
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        11⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 220
        10⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        9⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        8⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        7⤵
        Program crash
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19007.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23169.exe
        9⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        10⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28808.exe
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        10⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        9⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        
        PID:5208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
        6⤵
        Program crash
        
        PID:3212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        5⤵
        Program crash
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
        11⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
        12⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        11⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        9⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        10⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
        10⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        9⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        8⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
        7⤵
        
        PID:5316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
        6⤵
        Program crash
        
        PID:3204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
        5⤵
        Program crash
        
        PID:656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
      4⤵
      Program crash
      PID:2868
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
  2⤵
  - Program crash
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe

Filesize
184KB

MD5
639d22d9421cb76d08a3211270487da0

SHA1
e42b2abd93736edc9db670059d3670f6f64d1bd4

SHA256
5808e08925b78a67c2cdff4b360b59ee8d8c50d19ef40a51e59b79c21068e3e4

SHA512
d894020ed1d7067cd68dd88ed2e1429672dae6ca5c716a9fa81c43520538bc29a8aeb50ce486328fe0e8f81bd28c37070e0f5c27bd52a62e2482741a70ac6c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe

Filesize
184KB

MD5
b44e33f1d064592c659a3d512e0c595b

SHA1
48bf348aa947b32f223869bcee63895bc420e86f

SHA256
0b6e563b5f133ddd867e927016581cedb63cb100f2b9cd9efce730a760583348

SHA512
d287941967ab12b9c9781af4ef636fc32865dac1dd646e12693926eaf751c31193bbb512923c6b2b32592ec8b96c61e763090d770a2a8374ef59c00bb76c124a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33625.exe

Filesize
184KB

MD5
cb26d426802a64ce1f30512ebc48f692

SHA1
479cc2cca744a13147c5d12c0b5af814ee01e981

SHA256
95410c1b17a54679d5fc3a3697fbcf821db80bef4d7ac52f88bd02ed9e70381b

SHA512
2ed990b6bb670e37cda4465cc7dbe5bc6396e7c2161997ce16284161d51126cbf70ec0eba510accac73a4e612043fa1436bde9beb84091901664189e9eacef05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40069.exe

Filesize
184KB

MD5
c291aa01b330702d8d75555ef8d8b92e

SHA1
573845fdfeeb57a47a8b1a14dddae91e87567316

SHA256
2e0297fec8bf18871fc89d2f01f9384ebe3e0507e0e65107ac1899fefaa9f2e7

SHA512
87df179c6e7b310fc01261d1de3ae1750548bf93069d88805ac2a0107ff4c9c733cadd1e73142c866f38d910c20ea3021d98c21d63fc8fba9cc3c7568a451adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe

Filesize
184KB

MD5
97990809bd4ff971de402b048e6b784d

SHA1
8dd8728ff735b888e99489ffefc6e2de1d82e28c

SHA256
06c3a10fa27a8fcd44ce04d45ae63fde6325768988625fd5959ba701fef2e9e2

SHA512
6178152d987efd18f1745e6be8a2f90512bf6416f3485df88ed93f717c2198d975089694f3c71871c1f6c5469c053d8e1a995d4e28a05185d585135a811bb9a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe

Filesize
184KB

MD5
ac4fa665519b2e4226ec6412e6d91875

SHA1
0ec25319a71fbe7f74ebe577c0499c1799604d2b

SHA256
4b045a197fc6dd68b9e539123b7e2092c1247663bff1daa4566b7fccd84f52c0

SHA512
41f270b8460a2eb60f0583b139f00af416b498a027c968ed18dbb594a18214d6974a8af7cf4897707b5e4ee4aef0a17a98ec98d2c1afdf28df320d0f36dba9be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe

Filesize
184KB

MD5
c4b85306225f85acfdb300cc927a1d00

SHA1
54ea0b795c0d55a898cb5037e5ba7f2d6c3f3063

SHA256
9f7fc023fe60c9c1a276f4725bbde5d03b61a1cf6f69edc51bc19496507556ae

SHA512
107dc7c74689ef84f3424748d5ddfbcb72a115922ff82b8669ee8e51c2d6921c470c3663ee675ab89f7aa073bb2c14b71d5ccbdc210d14a82971c09d56370385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61725.exe

Filesize
184KB

MD5
dd1321567b95e545b7c2847e56484252

SHA1
7880d19ce27ff5d60bd922cbd8b88692a3d57ec9

SHA256
c4e73062d5001fd47eba51d6dd34a75aff4fc67e08a1952e627ad36580884b9d

SHA512
b5c66003b82ff05b49d7a7181a0fcb1c879bc6727a7cca960aba36ccc071ed437263d4e1b867e5871d4b97bc5d4d69d03a2a6c00dfbd85ceb68373018ed5cccc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe

Filesize
184KB

MD5
7e6a880cf5c079c8f5d7570abb984da5

SHA1
f4106080f11df7fa806e089908559c0db9d4655e

SHA256
2cc129cf11802d32a3310b96dc6a659a184736078177dce568ea180f037668c8

SHA512
fbb243e248c6a791e9bce2ff456832a820021d47a7f6e10463cf1a7707fc94361f278908980c2962bfb8558bca55cb257b972338cffba9df896381db1501693c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe

Filesize
184KB

MD5
a1c1477cad5da40678fd8f10e636a01e

SHA1
1b1694b094b4d4e4c50f2ed483da1e048e66b74f

SHA256
2bb35cddfc789024087571c7063850a91fbd39e9ccb53f2ea33cff450a1ee8d7

SHA512
7e574fb3c144a02bb4ea34d8f48c826ac8ee9c18eb531cde0554aef61aa0d59a40c426f93144654fe0bfb3921b4a9beb62517823623e6c6881850536aa1f71f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe

Filesize
184KB

MD5
fb88c3b9dd6b2368f5aeda7219d7b352

SHA1
c844cdb5ed89801f5b5e9ed31de119c948208b67

SHA256
61c31ed7d18691adb9fd3b40f5c6ca05843566827d4b4dcee7380c6b2668a7cd

SHA512
92e4010c19f3b69bf80bf6adcddd66ce1287a6391d9b9b2233fac417375569b9d6bb22846b3a8d69c9d56c75310ee40fbbd309fa2280b0ba82fe45636acf7ba4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33027.exe

Filesize
184KB

MD5
a9fd2b4574be928ba9537b7d2c42b9c0

SHA1
e99ec39a0eab9ef9e5cbd2a1141635705999c670

SHA256
ab10fced980e30847391e2eae4dbdcf140f1466e7e2a64f4263cc54711c9e7f5

SHA512
03d5e45add107c3e342b5638922aa8e515eefcd6967d73779e54b03fa160c8f30c721abf4a194b50b5d133c931b7127a65bc66321954f7af959e158ca94ebe82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39572.exe

Filesize
184KB

MD5
71c4e95a31e89b0f377cf1e421db23af

SHA1
ea11d8a64bbda8961fae441abaf15cbdb02a94a7

SHA256
17a877468b80458fc14a361387f0d68f81bda14c8780f4ec968fe41ed4149f30

SHA512
033ea6d15f6c6dbf224fa5cd388a8242daa84c2dc9c638a64a0fd1df5a95ee1968f2713f98287cfa845b5014179ee10b63d7abd283b753d9d7e5ad77bf9ab968

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe

Filesize
184KB

MD5
8846e661444e8dd73d94631bee64f4ab

SHA1
9ab5d45a70c918a8ab05e74f8c9c78e993c6b599

SHA256
4c71779dce2ec92a156991c1aa205babee6129e1e55484dc714465e7e04ff1af

SHA512
9f710875e4cb89378911dd6d9109472ff1ef06302bdd6beb9fb8f4c960f1cb2fa5b0e0c8d707106207b3a9cccf3e9d507f22e0e8591023c45c1d2cfd8490db8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe

Filesize
184KB

MD5
9b0307df98b329cf65df8c7c0eb9c820

SHA1
4c0af343a847a0528f043d84a6252b54787ae992

SHA256
9daa230524b87a15462345cf7fc71141f07427767d82a6a229e2f033c782e793

SHA512
2f45fbee8cd8128c02974fa912a78ed770289dd7ae93fbc0d7acaf9a8242ea8bbd928308ff70f156bb5672c1e73b4269ab06bb0030ad4ba5b9781009c5b1e73c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5664.exe

Filesize
184KB

MD5
c8885434c62e47d9156cbfbdb5e07942

SHA1
1b8c6bf08f9e4d14441766489a4163702d362a2b

SHA256
36f6c36e297cbedb1011b0890566236179898931b24c4236d092e3b95fc41e7e

SHA512
bd5822e8654980494489427443ed5ec093dada8aea35cc6c0268a9102c2065e501629ebbd8e3e21a4ea9c8eea211d4bdab22ec2dfd693071cbd5a9d6483de328

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe

Filesize
184KB

MD5
1626c128a55717d2f540bc9881b85520

SHA1
99587636a229e1f713cae3d04055fcd2e090c349

SHA256
c477b28f45e934222155764d037a8d6dd02aa5e7892fd7b29cd6836f30c26e03

SHA512
b20a78e72bbd0f852304b34c6a19cb8d5756d824e78739b9a1480b50e8b392adb5444fccaf46deef918c6996fb508d40b1e56b5a8953ef12506584541537fdc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe

Filesize
184KB

MD5
e05cbbfeef46bd0c5f83cdfc32f66d8e

SHA1
e7be89255f2f07a3ca09e7449088e61ae4edaef4

SHA256
cf32d0564dd20ed8c2f00ca73e15dd21054622e8e603d8780abd248b0c4580d3

SHA512
24088553e4080e5803542464055e584ae991aa2956b8c0f3b18b88fe94bcfeaefb89565ffbdc2d0aa99bb382431e906949a2734e4abd610002d05f731a1d4610

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads