5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31-05-2024 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
Size

184KB
MD5

9bf8cdc896ddabdc2c73705220fc2c00
SHA1

019bde35c572d165100b8d925229904e0b748050
SHA256

5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3
SHA512

30dd405210f1489082ce85cae2a6b846eeb4da57a2f04bec87160d5bcade23ed605b0c53c86b8a5c009f6d87ab83420deacf2bc5218522bcfa669f200361b4ac
SSDEEP

3072:Xa2o7xoqVaOTde4WelwnRKsLhlnViFln3:XaboCJe4YnYsLhlnViFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2228	Unicorn-23320.exe
1744	Unicorn-21265.exe
2584	Unicorn-1399.exe
2684	Unicorn-35738.exe
2520	Unicorn-3620.exe
2536	Unicorn-23486.exe
2796	Unicorn-61358.exe
2888	Unicorn-45577.exe
2028	Unicorn-65442.exe
816	Unicorn-30632.exe
2208	Unicorn-33324.exe
1444	Unicorn-32853.exe
1964	Unicorn-63579.exe
1272	Unicorn-58680.exe
2352	Unicorn-47819.exe
692	Unicorn-50512.exe
2856	Unicorn-27953.exe
872	Unicorn-4840.exe
2288	Unicorn-8431.exe
1544	Unicorn-42426.exe
1056	Unicorn-23398.exe
988	Unicorn-27482.exe
2976	Unicorn-38342.exe
1184	Unicorn-41872.exe
1696	Unicorn-44373.exe
576	Unicorn-64238.exe
1416	Unicorn-29428.exe
2968	Unicorn-9562.exe
1516	Unicorn-29428.exe
1760	Unicorn-4684.exe
1632	Unicorn-24550.exe
1956	Unicorn-55276.exe
2748	Unicorn-16382.exe
2932	Unicorn-600.exe
2628	Unicorn-8213.exe
2172	Unicorn-38940.exe
2644	Unicorn-57969.exe
2544	Unicorn-57222.exe
2676	Unicorn-41440.exe
2876	Unicorn-14243.exe
2840	Unicorn-40886.exe
2920	Unicorn-6075.exe
1928	Unicorn-44970.exe
2868	Unicorn-25104.exe
2196	Unicorn-55831.exe
2788	Unicorn-10159.exe
3044	Unicorn-12660.exe
656	Unicorn-32801.exe
2292	Unicorn-47746.exe
1800	Unicorn-28717.exe
1304	Unicorn-53776.exe
960	Unicorn-34747.exe
2448	Unicorn-57305.exe
1684	Unicorn-22495.exe
1940	Unicorn-14134.exe
1804	Unicorn-18219.exe
1948	Unicorn-63890.exe
2704	Unicorn-51638.exe
1212	Unicorn-5966.exe
2944	Unicorn-55722.exe
2760	Unicorn-32609.exe
2488	Unicorn-36693.exe
2608	Unicorn-16827.exe
2564	Unicorn-4575.exe

Loads dropped DLL 64 IoCs

pid	Process
1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
2228	Unicorn-23320.exe
2228	Unicorn-23320.exe
1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
1744	Unicorn-21265.exe
1744	Unicorn-21265.exe
2228	Unicorn-23320.exe
2228	Unicorn-23320.exe
2584	Unicorn-1399.exe
2584	Unicorn-1399.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2520	Unicorn-3620.exe
2520	Unicorn-3620.exe
1744	Unicorn-21265.exe
1744	Unicorn-21265.exe
2536	Unicorn-23486.exe
2536	Unicorn-23486.exe
2684	Unicorn-35738.exe
2684	Unicorn-35738.exe
2584	Unicorn-1399.exe
2584	Unicorn-1399.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
1448	WerFault.exe
2580	WerFault.exe
2580	WerFault.exe
2580	WerFault.exe
2580	WerFault.exe
1448	WerFault.exe
2580	WerFault.exe
2888	Unicorn-45577.exe
2888	Unicorn-45577.exe
2796	Unicorn-61358.exe
2796	Unicorn-61358.exe
2520	Unicorn-3620.exe
2520	Unicorn-3620.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2208	Unicorn-33324.exe
2684	Unicorn-35738.exe
2684	Unicorn-35738.exe
2208	Unicorn-33324.exe
2536	Unicorn-23486.exe
816	Unicorn-30632.exe
2536	Unicorn-23486.exe
816	Unicorn-30632.exe
2956	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
1868	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2648	1728	WerFault.exe	27
2540	2228	WerFault.exe	28
1448	1744	WerFault.exe	29
2580	2584	WerFault.exe	30
2956	2028	WerFault.exe	39
352	2520	WerFault.exe	33
1868	2684	WerFault.exe	32
788	2536	WerFault.exe	34
2384	2888	WerFault.exe	37
2064	2796	WerFault.exe	36
1716	2208	WerFault.exe	40
2224	816	WerFault.exe	38
3048	1444	WerFault.exe	43
2156	1272	WerFault.exe	45
2060	1964	WerFault.exe	44
308	2352	WerFault.exe	47
676	2856	WerFault.exe	48
1504	872	WerFault.exe	50
452	692	WerFault.exe	49
680	2288	WerFault.exe	54
1328	1544	WerFault.exe	55
2324	1056	WerFault.exe	56
2036	2976	WerFault.exe	58
1656	988	WerFault.exe	57
616	1184	WerFault.exe	59
1608	1696	WerFault.exe	60
1816	2968	WerFault.exe	62
1876	576	WerFault.exe	61
2636	1416	WerFault.exe	63
2652	1516	WerFault.exe	64
1852	1632	WerFault.exe	70
2016	1956	WerFault.exe	71
1764	1760	WerFault.exe	69
2780	2644	WerFault.exe	76
1932	2932	WerFault.exe	73
2656	2748	WerFault.exe	72
3076	2628	WerFault.exe	74
3120	2544	WerFault.exe	77
3176	2172	WerFault.exe	75
3208	2876	WerFault.exe	79
3216	2840	WerFault.exe	80
3292	2788	WerFault.exe	85
3328	2920	WerFault.exe	81
3404	1928	WerFault.exe	82
3424	3044	WerFault.exe	86
3468	2868	WerFault.exe	83
3476	2676	WerFault.exe	78
3508	2196	WerFault.exe	84
3888	656	WerFault.exe	94
4072	1340	WerFault.exe	119
3092	2488	WerFault.exe	109
3276	2292	WerFault.exe	95
3324	2448	WerFault.exe	99
3464	1940	WerFault.exe	101
3612	1800	WerFault.exe	96
3664	1804	WerFault.exe	103
3756	1304	WerFault.exe	97
3816	960	WerFault.exe	98
3876	2760	WerFault.exe	107
4048	1684	WerFault.exe	100
3644	2704	WerFault.exe	105
4104	2416	WerFault.exe	129
4120	2864	WerFault.exe	135
4136	772	WerFault.exe	136

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
2228	Unicorn-23320.exe
1744	Unicorn-21265.exe
2584	Unicorn-1399.exe
2684	Unicorn-35738.exe
2520	Unicorn-3620.exe
2536	Unicorn-23486.exe
2796	Unicorn-61358.exe
2888	Unicorn-45577.exe
2028	Unicorn-65442.exe
2208	Unicorn-33324.exe
816	Unicorn-30632.exe
1444	Unicorn-32853.exe
1964	Unicorn-63579.exe
1272	Unicorn-58680.exe
2352	Unicorn-47819.exe
872	Unicorn-4840.exe
2856	Unicorn-27953.exe
692	Unicorn-50512.exe
2288	Unicorn-8431.exe
1544	Unicorn-42426.exe
1056	Unicorn-23398.exe
2976	Unicorn-38342.exe
988	Unicorn-27482.exe
1184	Unicorn-41872.exe
1696	Unicorn-44373.exe
2968	Unicorn-9562.exe
576	Unicorn-64238.exe
1416	Unicorn-29428.exe
1516	Unicorn-29428.exe
1760	Unicorn-4684.exe
1956	Unicorn-55276.exe
1632	Unicorn-24550.exe
2748	Unicorn-16382.exe
2932	Unicorn-600.exe
2628	Unicorn-8213.exe
2172	Unicorn-38940.exe
2644	Unicorn-57969.exe
2544	Unicorn-57222.exe
2676	Unicorn-41440.exe
2876	Unicorn-14243.exe
2840	Unicorn-40886.exe
2920	Unicorn-6075.exe
1928	Unicorn-44970.exe
2788	Unicorn-10159.exe
2868	Unicorn-25104.exe
2196	Unicorn-55831.exe
3044	Unicorn-12660.exe
656	Unicorn-32801.exe
2292	Unicorn-47746.exe
1800	Unicorn-28717.exe
1304	Unicorn-53776.exe
960	Unicorn-34747.exe
2448	Unicorn-57305.exe
1684	Unicorn-22495.exe
1940	Unicorn-14134.exe
1804	Unicorn-18219.exe
1948	Unicorn-63890.exe
2704	Unicorn-51638.exe
1212	Unicorn-5966.exe
2944	Unicorn-55722.exe
2760	Unicorn-32609.exe
2488	Unicorn-36693.exe
2608	Unicorn-16827.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2228	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	28
PID 1728 wrote to memory of 2228	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	28
PID 1728 wrote to memory of 2228	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	28
PID 1728 wrote to memory of 2228	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	28
PID 2228 wrote to memory of 1744	2228	Unicorn-23320.exe	29
PID 2228 wrote to memory of 1744	2228	Unicorn-23320.exe	29
PID 2228 wrote to memory of 1744	2228	Unicorn-23320.exe	29
PID 2228 wrote to memory of 1744	2228	Unicorn-23320.exe	29
PID 1728 wrote to memory of 2584	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	30
PID 1728 wrote to memory of 2584	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	30
PID 1728 wrote to memory of 2584	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	30
PID 1728 wrote to memory of 2584	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	30
PID 1728 wrote to memory of 2648	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	31
PID 1728 wrote to memory of 2648	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	31
PID 1728 wrote to memory of 2648	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	31
PID 1728 wrote to memory of 2648	1728	5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe	31
PID 1744 wrote to memory of 2684	1744	Unicorn-21265.exe	32
PID 1744 wrote to memory of 2684	1744	Unicorn-21265.exe	32
PID 1744 wrote to memory of 2684	1744	Unicorn-21265.exe	32
PID 1744 wrote to memory of 2684	1744	Unicorn-21265.exe	32
PID 2228 wrote to memory of 2520	2228	Unicorn-23320.exe	33
PID 2228 wrote to memory of 2520	2228	Unicorn-23320.exe	33
PID 2228 wrote to memory of 2520	2228	Unicorn-23320.exe	33
PID 2228 wrote to memory of 2520	2228	Unicorn-23320.exe	33
PID 2584 wrote to memory of 2536	2584	Unicorn-1399.exe	34
PID 2584 wrote to memory of 2536	2584	Unicorn-1399.exe	34
PID 2584 wrote to memory of 2536	2584	Unicorn-1399.exe	34
PID 2584 wrote to memory of 2536	2584	Unicorn-1399.exe	34
PID 2228 wrote to memory of 2540	2228	Unicorn-23320.exe	35
PID 2228 wrote to memory of 2540	2228	Unicorn-23320.exe	35
PID 2228 wrote to memory of 2540	2228	Unicorn-23320.exe	35
PID 2228 wrote to memory of 2540	2228	Unicorn-23320.exe	35
PID 2520 wrote to memory of 2796	2520	Unicorn-3620.exe	36
PID 2520 wrote to memory of 2796	2520	Unicorn-3620.exe	36
PID 2520 wrote to memory of 2796	2520	Unicorn-3620.exe	36
PID 2520 wrote to memory of 2796	2520	Unicorn-3620.exe	36
PID 1744 wrote to memory of 2888	1744	Unicorn-21265.exe	37
PID 1744 wrote to memory of 2888	1744	Unicorn-21265.exe	37
PID 1744 wrote to memory of 2888	1744	Unicorn-21265.exe	37
PID 1744 wrote to memory of 2888	1744	Unicorn-21265.exe	37
PID 2536 wrote to memory of 816	2536	Unicorn-23486.exe	38
PID 2536 wrote to memory of 816	2536	Unicorn-23486.exe	38
PID 2536 wrote to memory of 816	2536	Unicorn-23486.exe	38
PID 2536 wrote to memory of 816	2536	Unicorn-23486.exe	38
PID 2684 wrote to memory of 2028	2684	Unicorn-35738.exe	39
PID 2684 wrote to memory of 2028	2684	Unicorn-35738.exe	39
PID 2684 wrote to memory of 2028	2684	Unicorn-35738.exe	39
PID 2684 wrote to memory of 2028	2684	Unicorn-35738.exe	39
PID 2584 wrote to memory of 2208	2584	Unicorn-1399.exe	40
PID 2584 wrote to memory of 2208	2584	Unicorn-1399.exe	40
PID 2584 wrote to memory of 2208	2584	Unicorn-1399.exe	40
PID 2584 wrote to memory of 2208	2584	Unicorn-1399.exe	40
PID 1744 wrote to memory of 1448	1744	Unicorn-21265.exe	41
PID 1744 wrote to memory of 1448	1744	Unicorn-21265.exe	41
PID 1744 wrote to memory of 1448	1744	Unicorn-21265.exe	41
PID 1744 wrote to memory of 1448	1744	Unicorn-21265.exe	41
PID 2584 wrote to memory of 2580	2584	Unicorn-1399.exe	42
PID 2584 wrote to memory of 2580	2584	Unicorn-1399.exe	42
PID 2584 wrote to memory of 2580	2584	Unicorn-1399.exe	42
PID 2584 wrote to memory of 2580	2584	Unicorn-1399.exe	42
PID 2888 wrote to memory of 1444	2888	Unicorn-45577.exe	43
PID 2888 wrote to memory of 1444	2888	Unicorn-45577.exe	43
PID 2888 wrote to memory of 1444	2888	Unicorn-45577.exe	43
PID 2888 wrote to memory of 1444	2888	Unicorn-45577.exe	43

C:\Users\Admin\AppData\Local\Temp\5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe
"C:\Users\Admin\AppData\Local\Temp\5a03cefd19320c04275503dbc035e1febc9ad0a82985b8ca6697831aff94bad3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        10⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
        11⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
        12⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33811.exe
        13⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        14⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 236
        14⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        13⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        12⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        11⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-608.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        11⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
        13⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        13⤵
        
        PID:13720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        11⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        10⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        12⤵
        
        PID:11208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38129.exe
        13⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 236
        13⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        11⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        9⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        8⤵
        Program crash
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62520.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        11⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        12⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
        13⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        13⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        12⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        11⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42020.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        10⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        11⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        12⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 236
        12⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        11⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        10⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27852.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        9⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64241.exe
        10⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
        11⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
        11⤵
        
        PID:13604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        10⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        9⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        8⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        7⤵
        Program crash
        
        PID:3468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        6⤵
        Program crash
        
        PID:676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
        12⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        13⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
        14⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
        14⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        13⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        12⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        11⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        10⤵
        Program crash
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15856.exe
        12⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45778.exe
        13⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2067.exe
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 240
        13⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 240
        9⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49228.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8818.exe
        12⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        13⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
        13⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
        8⤵
        Program crash
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        11⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7412.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30184.exe
        13⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
        13⤵
        
        PID:13624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        12⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        10⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        11⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe
        12⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        12⤵
        
        PID:13492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        8⤵
        Program crash
        
        PID:3276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        7⤵
        Program crash
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
        11⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46774.exe
        12⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
        13⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        13⤵
        
        PID:13512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
        12⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43774.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
        11⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        12⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
        12⤵
        
        PID:13332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        8⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44345.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
        11⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
        12⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 220
        12⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 220
        7⤵
        Program crash
        
        PID:1764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        6⤵
        Program crash
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59394.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11345.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        12⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        13⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
        13⤵
        
        PID:13700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        12⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        10⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        10⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37838.exe
        11⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        12⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 236
        12⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        10⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        9⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        8⤵
        Program crash
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        10⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        11⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
        12⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        11⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 236
        10⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        8⤵
        Program crash
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        7⤵
        Program crash
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21569.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        11⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        12⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        Program crash
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14038.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6249.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        9⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        10⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
        11⤵
        
        PID:14328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 220
        10⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        9⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        8⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        7⤵
        Program crash
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        6⤵
        Program crash
        
        PID:1328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        5⤵
        Program crash
        
        PID:2384
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8963.exe
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44428.exe
        11⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        12⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6146.exe
        13⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        13⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        12⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        9⤵
        Program crash
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60245.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        12⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
        13⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 236
        13⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        12⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        11⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
        11⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23687.exe
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 220
        12⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        11⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        8⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        11⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        12⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
        13⤵
        
        PID:13976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        12⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        10⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        10⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57848.exe
        11⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        12⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 236
        12⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 220
        11⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        8⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        7⤵
        Program crash
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63260.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
        11⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        12⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 220
        13⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 220
        12⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        11⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        10⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        9⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25020.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        11⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46821.exe
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        12⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
        11⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 236
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        9⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61636.exe
        10⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 236
        11⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        10⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
        8⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        Program crash
        
        PID:2780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
        12⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52275.exe
        13⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
        13⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        12⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        10⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        10⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        11⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        12⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
        12⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 220
        11⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 220
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32342.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7012.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        11⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
        12⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 220
        12⤵
        
        PID:13780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
        8⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65372.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        11⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38160.exe
        12⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 220
        12⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10530.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        9⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22737.exe
        10⤵
        
        PID:10852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        11⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
        11⤵
        
        PID:13344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        10⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 220
        9⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        8⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
        7⤵
        Program crash
        
        PID:3644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:2036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        5⤵
        Program crash
        
        PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14134.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        10⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        11⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        12⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
        12⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 220
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
        8⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27660.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        10⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50941.exe
        11⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        12⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 236
        12⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 220
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        10⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
        8⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        7⤵
        Program crash
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32918.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39130.exe
        10⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        11⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        12⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
        12⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 236
        11⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        10⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
        9⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        10⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        11⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
        11⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
        10⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        9⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17136.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        9⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        10⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        11⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
        11⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        10⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        9⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        8⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        7⤵
        
        PID:4932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        6⤵
        Program crash
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32233.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        10⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        11⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        12⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        12⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        11⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        10⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 220
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31330.exe
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16141.exe
        9⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        10⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        11⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 236
        11⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        10⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        9⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        7⤵
        Program crash
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42050.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49996.exe
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27542.exe
        9⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43437.exe
        10⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        11⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
        11⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 236
        10⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
        7⤵
        
        PID:4508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        6⤵
        Program crash
        
        PID:1932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
        5⤵
        Program crash
        
        PID:2156
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:352
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10159.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        11⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        12⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        13⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53702.exe
        14⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 220
        14⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        11⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
        10⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
        10⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        12⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
        13⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        13⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        12⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        13⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        12⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 236
        11⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        9⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        8⤵
        Program crash
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61916.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11101.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
        12⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        13⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
        13⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        12⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        11⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        11⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40599.exe
        12⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36399.exe
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
        11⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10479.exe
        12⤵
        
        PID:12124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        13⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
        12⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 236
        11⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 220
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34349.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        11⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        12⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        12⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        11⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
        8⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        7⤵
        Program crash
        
        PID:3424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        6⤵
        Program crash
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26914.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        10⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
        12⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        13⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 216
        13⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 220
        12⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        11⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        10⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        10⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56587.exe
        11⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 220
        12⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
        9⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 208
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
        11⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
        12⤵
        
        PID:14240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        11⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 220
        10⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 220
        9⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        7⤵
        Program crash
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4575.exe
        6⤵
        Executes dropped EXE
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        7⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        9⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        10⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        11⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        12⤵
        
        PID:12560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        12⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 220
        9⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 500 -s 236
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        8⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        9⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        10⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
        11⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
        11⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
        10⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 236
        9⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 220
        8⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        7⤵
        
        PID:5352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        6⤵
        Program crash
        
        PID:1816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        5⤵
        Program crash
        
        PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
        7⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        11⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        12⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        12⤵
        
        PID:14156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 220
        11⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        8⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49244.exe
        10⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        11⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43531.exe
        12⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 220
        11⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        10⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
        10⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
        11⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        10⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        9⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        8⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        7⤵
        
        PID:6056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        6⤵
        Program crash
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        6⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17459.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14801.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58159.exe
        10⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        11⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 220
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        7⤵
        Program crash
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        6⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25383.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        9⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        10⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        11⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 236
        11⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        10⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        9⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 220
        8⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
        7⤵
        
        PID:5832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        6⤵
        Program crash
        
        PID:3508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        5⤵
        Program crash
        
        PID:452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
      4⤵
      Program crash
      PID:788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16800.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56161.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        11⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        12⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39203.exe
        13⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
        13⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 220
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19654.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        10⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        11⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5731.exe
        12⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
        11⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 220
        8⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        Program crash
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31657.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
        9⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
        10⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        12⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
        12⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        11⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        10⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3623.exe
        7⤵
        
        PID:3988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 220
        8⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 220
        7⤵
        
        PID:5696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
        6⤵
        Program crash
        
        PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17324.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37547.exe
        10⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        11⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28622.exe
        12⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 220
        12⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
        9⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        8⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        7⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10717.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        9⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        10⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        11⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
        11⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
        10⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        9⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        8⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        7⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
        9⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36001.exe
        10⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65103.exe
        11⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 220
        11⤵
        
        PID:13380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        10⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 236
        9⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        8⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        7⤵
        
        PID:5608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        6⤵
        Program crash
        
        PID:3476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        5⤵
        Program crash
        
        PID:308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35274.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        10⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        11⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        12⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        12⤵
        
        PID:13588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
        11⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        7⤵
        Program crash
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        6⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        7⤵
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 220
        8⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        7⤵
        
        PID:4384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
        6⤵
        Program crash
        
        PID:3208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        5⤵
        Program crash
        
        PID:1608
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
      4⤵
      Program crash
      PID:1716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2580
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
  2⤵
  - Program crash
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17548.exe

Filesize
184KB

MD5
63a77933b9e4a835d1e90715753177e1

SHA1
f58bb7d8205019c990aeaec013ab1d7bad83b462

SHA256
e78a57ad14f017c9a6c6cd223a06808a25a1b54957ecc929f196b0a3de8c1c02

SHA512
5c78da4321300bc140f5e2b42b7753910ddf27a3ff43979efa5b0551de03157aeea44f5acaa9ec00ba0de387c0623ab0ab6c99c6a2abf197a9ee6f2e0f7a139b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe

Filesize
184KB

MD5
9d39fa434250cd39e95c88c6fd55fec2

SHA1
2a9e0db0171a0f39410e166a3c9a9454cdcfe9db

SHA256
1128c085df9334378083d98cd1cf45648de135ffd56b824553c891dccda04e22

SHA512
9259d0154583a104c9764279e2b6981175e91d6770e4a354042e03491a02f9a3ef616476ba43d9901cf94ef484c756eaade6f609acf4a29cb18973d6c400309b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe

Filesize
184KB

MD5
7c3fd39630f8bd279e6d456bec097af9

SHA1
534ee0d08f52c9ca8e8f3583b9f1b02cb59a061f

SHA256
d25053ec369b0fe04e45390a63742e329d86826dd76f300aa2fabc10cf92762b

SHA512
2bc9a7d1e3cf11792780a24e1f16c31d2d021dcbced8a90749328081cd652bd2d98ad915199ac93f4273d991478ec54b398e744c8db0ed15a302cf22e446b1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe

Filesize
184KB

MD5
08456ecb04d16d991048b8040ffd8c49

SHA1
f02ccc066c4dcf9caa4693e9df70141d3588a408

SHA256
c89bbe3f391c3a664aff3aae186af57744f3e2d9609f67fd8b83b0022d045c42

SHA512
8cf92c52383e915a712af18752be64ce4dffafa3c0ccfcd09835f2a54dca9978f708487f795ae449659400476bae16437f1974627813f971d30bb4df76787790

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33359.exe

Filesize
184KB

MD5
c1f22fca3d4f7d4f67e63b0f5e01e980

SHA1
78e6926166755530f7521ef3f558f65c77b380b3

SHA256
ab4ef3728468b146286e9475254d7dabaa57737259b0c645a717478f02593342

SHA512
b23313085520d8b09047c5e9152d4d7311447becb3bc94cc6246b2e8128d3a309749dc641d8942b55ac48c1138128fa69e5c84099655a08d4a251f67313013a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe

Filesize
184KB

MD5
b3f53cffd4b839c86af783495915ed8b

SHA1
c553450d0d5e61bf7e11527550961a97cdc9e3ab

SHA256
5667101b63685ed076931f27c539b94ba50dd5be6f26f7ab431b093b24dc452c

SHA512
5f9bbec4cc7d50f16641a49ea6b08b5331bbe82236a1a26e8684f2c6c7caa8d142552d2c3866340678b92afe5f63c83940f7b27d9a99280a9da3cc52e164ca66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe

Filesize
184KB

MD5
08dc6eeefacbeb612252ce8bfe562ca1

SHA1
917ff9e436048e49984fea17c5312d56651c4ee1

SHA256
c24f9d550cda904c802f32e7553d9d2b61bfe6de33b3ad04ea95a3ece3e8aba3

SHA512
52a78fa98bdae3a9adba446467c47249d18876d0766c0f38590cdb5102b4ea7e84dcd08e9824b2205dbe8c8f75c66dc2b74b497f63b8c89c723b84858ac0c08f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe

Filesize
184KB

MD5
d02dce1ab1286af1742bcb2fecfa0602

SHA1
8d8724bbb6a1a10ffe6505407aa64ed8dc4decde

SHA256
b840bfdfa91f7a7453648d519ac0439d179309a6fa1e0a6786d3f59a52aa5019

SHA512
f2c0a3f7ea6286b7407e1cc6d62a4fd719e375c76a493bd303ef0cb935a173f390c018fc8f11752343ed59801baeb88525e61a27ecb764e32a3727bdd693e9ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe

Filesize
184KB

MD5
f12677a5d7ba0ac5e27c1b513d33b9f1

SHA1
4040ef05864aff250185ccd9f8003930f5388745

SHA256
b76fffbdcd0e8eae5df0c769ffb3179fa7d051a17d7078d44452f2ab58b4f22e

SHA512
40b9ae1f5ac6ae5ebec23e6367941c5feccdf10da5581432656f2da1c6330b64c41c906c22dd46178b0bb4777ab9d014ab7ec4a2687a79e6cd0cc1bade143d55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe

Filesize
184KB

MD5
4a968745b21eb3a945f1a599f6043286

SHA1
afe1c1f70d33c381f7e2cf21695d16000528d6d5

SHA256
b7e99f7f782ab5ed13515d339ca4bbd8e84ada844f09053230e7abb75355995e

SHA512
31bd6f594854b7b18803f58e5d7022dccf242c9b741f8277a8832b4b5c03a431b1be6c24b85da33ed198a299b49292f8f33337ff8e1d2115ade27ae9e99f749d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe

Filesize
184KB

MD5
7c512994d0ce9d711b508f50b42188de

SHA1
73b2d669d0471151108371fce563c2de5692f239

SHA256
964cba66b0359cac64b936efa53bd5ae799edce90ef70aaf9feccd977519f61b

SHA512
851f261f872f58ca11485de084002fd2535916b6441b75ef2bbb57f4643ef741397fadd60720b4f985b5416736fad12d8936e341b90ad3fe22671d97baadde32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe

Filesize
184KB

MD5
21873fc749e2c3d3f23c6a5bb678c72d

SHA1
2740781f94313d49eb5b3ced50d403bb1306610f

SHA256
12f535dba69ff48e20274591fa9d4bae803322585105098784cf3fb954c9c9cd

SHA512
f8ba295600afb5e9e95678b7f836fdd161c7774b98ae811c866ba9d076de590f38d9a2c90e202d639cff9eda139410466b11e221e6647d4891134e651ac62f31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23486.exe

Filesize
184KB

MD5
23ebfee2a65562855612016e7299e23e

SHA1
27f577299a02eb701edb186f8bccd8c3434e4222

SHA256
411021f9eabaa6f504d5adfdf50e22f899c952bc716df9b8ef4b17e2e694b176

SHA512
448d7a38a749cec0687dc04ce34fdae656eecf7197671ee9b9fbf5472cce98e5f66e031d806b82e98aa71719853a2eba3d4fc4400ceb228fc9bfcca767badc88

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32853.exe

Filesize
184KB

MD5
ec2fd95064267ad7c67e4efd94e2d7e7

SHA1
1a021bfbd506ce4a0597f5e75b8e5b5ecc0d0a94

SHA256
f7c7c2f31346f4455908a359677865511f909ee8a0f55db89f7c8fb38fcee44f

SHA512
e932a4ece66c62d9ab4018ace945866d32f35eefe4c28afaf2fb25db25d6849dd43be5a7ca279b40abec48cb8af743fbaa7aca40a97c49537ecf7516f86b2870

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33324.exe

Filesize
184KB

MD5
b237817d420773cd9ee2d9ad918a4c02

SHA1
a9fcb665af333614d52f60aa715397e86a65ba5b

SHA256
4754ae448fc28386c6f5e518500921c6a65192fb1d6bfc0abff8a69bbaadcb42

SHA512
4be2399f228e27e611ea694b5cbe9c41f6a843c162f32f5d5c6dbc4574e22a30cad66ad7b32b173d3d0b612115f7a1d6419cf52c51354b281089ac3719542d3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe

Filesize
184KB

MD5
daeecd46b6702d01be7cc6d7de278978

SHA1
20ba6672fa9c19b558b2575cc02cbf86c30c39f0

SHA256
f2582b9811e510f91468d744e87bc4b228a421e10bbad2b6f7cffc98ed8c1c8c

SHA512
e75d2b4f654c9b7dc218b5a6b0fe3f5d41b5009072247edd972d0c767b5ca7b5629adcc8f4f1a1380cc9878203ed1d28b392dd9bccac9c208436e781462669da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe

Filesize
184KB

MD5
9db8ba83fc5a63f71a352dc4e36083a1

SHA1
f7d81fcb76fadbd6453de1e474ad86d10b623913

SHA256
5d85670dd8edd1dceffbb75bc26e9b6efa3dbc2d625593f1c34cecd488f01115

SHA512
7789317bddae64144d7f3b26228685041a0968d05fa548d44005335e97e77b8c6472553e734c23cac799f62bcd536a67b7f7abe456616ed14c253aff8ec160ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58680.exe

Filesize
184KB

MD5
b4402b477bf1e1a92d51b0eae8da2a16

SHA1
7f1ded2790761e8fd6450421175a9d49b52fb625

SHA256
3afa8550281eda8c3a9ba21295599cb57cfb1f1445409e63235501ed6a34733f

SHA512
a94298f5e5561345a928efa0edacbe10988215c307def31941978b36f0c83401148ad809c82369698488985a6b1615c3c300636c159ed7d9e0641ce74e7208de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe

Filesize
184KB

MD5
58e7eade0e54d5ec9730e64ae663b80f

SHA1
9d45318f718c2d54688186bf8368c3a7fcf7ef73

SHA256
cbef6c2be69a9db912ae4364487b9dd184205ca74f19d330dd49e9e9474456fc

SHA512
22f69b7ec729b62e925a6ce6b09abde398f4d65a3f140ca5ea1adb87be36d20263ec3192b743fb672a5a6448038ec90fe5e3b28a661b627d64f12043d82df4f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe

Filesize
184KB

MD5
e4a01ec78c5c326a9474c25962a3f7a4

SHA1
d3dcc08bb4936d46d423fd2484c650cade6d3181

SHA256
1fb990db41292fef4da0b8ba110999be6b73e26916a32b8d06e0b41ebb64a0ac

SHA512
a0d9acc919ba01827e679aea40bb48c5cd10d31e1c7f907fbabdf56827167a2bb9055499f6714afd25fe823bf8caa9d2537972ea21e0d530f952daaf248c08e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe

Filesize
184KB

MD5
061b9872ff8273c8e3e912a2695bd2d6

SHA1
eea94f84608382fd1cc0b7c3fe5489eca8472277

SHA256
757f10b865cd4922885d3858022f4964e4f5ae4bc5f5c7f7d19003ca85ae1370

SHA512
23547664d3d2d7413a76e530d2c7e0d5a6c0ca39895d16679238bbc85c1be68003d2fa2e4bad2ae7ecbcba5bfb265a3adb1b1a1202aa5f829ae562228d69f2ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads