eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
Size

184KB
MD5

40170c49a54e78bb3d41749fae10e792
SHA1

f592123e8e49a8840b43b825818f615bfc48bd07
SHA256

eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3
SHA512

eab520b19682227c67027c545921fde6678728361a37e03708c972cf1baab880a51cb0778b4bf6da5c7ce35e75922b94c8d98101db03a66c4cb603198dfb1293
SSDEEP

3072:ByF3oxoTlxOAdHFWeRiLRasehlnSYFnn3:ByYom8HFqLAsehlnSYFn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2992	Unicorn-16138.exe
2108	Unicorn-18572.exe
1916	Unicorn-23210.exe
2792	Unicorn-57497.exe
2520	Unicorn-128.exe
2728	Unicorn-37631.exe
2812	Unicorn-13649.exe
2244	Unicorn-23441.exe
2500	Unicorn-59321.exe
2852	Unicorn-18803.exe
320	Unicorn-26364.exe
1552	Unicorn-64443.exe
1060	Unicorn-18772.exe
2608	Unicorn-26940.exe
2360	Unicorn-26940.exe
896	Unicorn-31578.exe
2848	Unicorn-24967.exe
1488	Unicorn-44833.exe
1836	Unicorn-28305.exe
448	Unicorn-43681.exe
1232	Unicorn-35513.exe
988	Unicorn-40151.exe
1364	Unicorn-40151.exe
1656	Unicorn-51849.exe
764	Unicorn-56488.exe
1320	Unicorn-10816.exe
992	Unicorn-30931.exe
1256	Unicorn-47267.exe
1756	Unicorn-27401.exe
1280	Unicorn-2705.exe
1588	Unicorn-22571.exe
1920	Unicorn-37947.exe
1720	Unicorn-9913.exe
2656	Unicorn-54859.exe
2716	Unicorn-26825.exe
2840	Unicorn-8673.exe
2624	Unicorn-505.exe
2568	Unicorn-18465.exe
2524	Unicorn-16842.exe
2516	Unicorn-16842.exe
2096	Unicorn-33178.exe
2976	Unicorn-37816.exe
1860	Unicorn-32332.exe
2692	Unicorn-28034.exe
532	Unicorn-47708.exe
768	Unicorn-64044.exe
1452	Unicorn-14843.exe
2136	Unicorn-11314.exe
1036	Unicorn-56452.exe
1504	Unicorn-52923.exe
2724	Unicorn-64620.exe
2964	Unicorn-23588.exe
1568	Unicorn-20058.exe
1772	Unicorn-29556.exe
1044	Unicorn-26026.exe
2460	Unicorn-45892.exe
2436	Unicorn-21196.exe
2088	Unicorn-25533.exe
2284	Unicorn-45399.exe
3004	Unicorn-59275.exe
2012	Unicorn-13603.exe
1700	Unicorn-53567.exe
2408	Unicorn-53567.exe
2800	Unicorn-29940.exe

Loads dropped DLL 64 IoCs

pid	Process
2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
2992	Unicorn-16138.exe
2992	Unicorn-16138.exe
2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
2108	Unicorn-18572.exe
1916	Unicorn-23210.exe
1916	Unicorn-23210.exe
2108	Unicorn-18572.exe
2992	Unicorn-16138.exe
2992	Unicorn-16138.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
2420	WerFault.exe
376	WerFault.exe
376	WerFault.exe
376	WerFault.exe
376	WerFault.exe
2108	Unicorn-18572.exe
2108	Unicorn-18572.exe
2728	Unicorn-37631.exe
2728	Unicorn-37631.exe
2792	Unicorn-57497.exe
1916	Unicorn-23210.exe
2792	Unicorn-57497.exe
1916	Unicorn-23210.exe
376	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1616	WerFault.exe
2244	Unicorn-23441.exe
2244	Unicorn-23441.exe
2728	Unicorn-37631.exe
2728	Unicorn-37631.exe
2812	Unicorn-13649.exe
2812	Unicorn-13649.exe
2500	Unicorn-59321.exe
2852	Unicorn-18803.exe
2500	Unicorn-59321.exe
2852	Unicorn-18803.exe
2792	Unicorn-57497.exe
2792	Unicorn-57497.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2892	WerFault.exe
2244	Unicorn-23441.exe
2244	Unicorn-23441.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2736	2916	WerFault.exe	27
2420	2992	WerFault.exe	28
376	2520	WerFault.exe	32
1616	2108	WerFault.exe	29
1936	1916	WerFault.exe	30
572	2728	WerFault.exe	34
2892	2792	WerFault.exe	33
2904	2244	WerFault.exe	40
2092	2812	WerFault.exe	38
2064	2500	WerFault.exe	37
2004	2852	WerFault.exe	39
2844	320	WerFault.exe	43
2924	1552	WerFault.exe	44
2240	2608	WerFault.exe	46
1952	2360	WerFault.exe	47
2228	896	WerFault.exe	48
2324	2624	WerFault.exe	75
2764	1488	WerFault.exe	52
2532	2848	WerFault.exe	51
2528	1836	WerFault.exe	53
1972	448	WerFault.exe	54
556	1232	WerFault.exe	55
1520	1320	WerFault.exe	59
1512	764	WerFault.exe	60
2304	988	WerFault.exe	56
2316	1364	WerFault.exe	57
2084	1656	WerFault.exe	58
1304	992	WerFault.exe	65
1640	1756	WerFault.exe	66
876	1256	WerFault.exe	67
776	1280	WerFault.exe	69
2748	1588	WerFault.exe	68
2796	1720	WerFault.exe	71
1584	2656	WerFault.exe	72
2540	2716	WerFault.exe	73
1804	2840	WerFault.exe	74
2536	2096	WerFault.exe	79
2236	2568	WerFault.exe	76
1344	2976	WerFault.exe	80
552	2524	WerFault.exe	78
1288	2516	WerFault.exe	77
3972	1608	WerFault.exe	154
4064	2600	WerFault.exe	153
3544	1860	WerFault.exe	83
3716	1452	WerFault.exe	90
3744	2692	WerFault.exe	84
3776	2136	WerFault.exe	91
3932	1700	WerFault.exe	106
3980	768	WerFault.exe	89
1592	2284	WerFault.exe	103
3232	532	WerFault.exe	88
3304	1044	WerFault.exe	98
3400	1568	WerFault.exe	96
3480	1504	WerFault.exe	93
3520	2964	WerFault.exe	95
3664	1036	WerFault.exe	92
3844	2460	WerFault.exe	99
3996	1816	WerFault.exe	124
4036	2724	WerFault.exe	94
3284	912	WerFault.exe	125
3320	1132	WerFault.exe	126
3460	832	WerFault.exe	127
3596	2480	WerFault.exe	128
3628	836	WerFault.exe	129

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
2992	Unicorn-16138.exe
1916	Unicorn-23210.exe
2108	Unicorn-18572.exe
2520	Unicorn-128.exe
2792	Unicorn-57497.exe
2728	Unicorn-37631.exe
2244	Unicorn-23441.exe
2812	Unicorn-13649.exe
2500	Unicorn-59321.exe
2852	Unicorn-18803.exe
320	Unicorn-26364.exe
1552	Unicorn-64443.exe
1060	Unicorn-18772.exe
2360	Unicorn-26940.exe
2608	Unicorn-26940.exe
896	Unicorn-31578.exe
1488	Unicorn-44833.exe
2848	Unicorn-24967.exe
1836	Unicorn-28305.exe
448	Unicorn-43681.exe
1232	Unicorn-35513.exe
988	Unicorn-40151.exe
1364	Unicorn-40151.exe
764	Unicorn-56488.exe
1656	Unicorn-51849.exe
1320	Unicorn-10816.exe
992	Unicorn-30931.exe
1756	Unicorn-27401.exe
1256	Unicorn-47267.exe
1280	Unicorn-2705.exe
1588	Unicorn-22571.exe
1920	Unicorn-37947.exe
1720	Unicorn-9913.exe
2656	Unicorn-54859.exe
2716	Unicorn-26825.exe
2624	Unicorn-505.exe
2840	Unicorn-8673.exe
2568	Unicorn-18465.exe
2096	Unicorn-33178.exe
2976	Unicorn-37816.exe
2524	Unicorn-16842.exe
2516	Unicorn-16842.exe
1860	Unicorn-32332.exe
2692	Unicorn-28034.exe
532	Unicorn-47708.exe
768	Unicorn-64044.exe
1452	Unicorn-14843.exe
2136	Unicorn-11314.exe
1036	Unicorn-56452.exe
1504	Unicorn-52923.exe
2724	Unicorn-64620.exe
2964	Unicorn-23588.exe
1568	Unicorn-20058.exe
1772	Unicorn-29556.exe
1044	Unicorn-26026.exe
2460	Unicorn-45892.exe
2436	Unicorn-21196.exe
2088	Unicorn-25533.exe
2284	Unicorn-45399.exe
3004	Unicorn-59275.exe
2012	Unicorn-13603.exe
2408	Unicorn-53567.exe
1700	Unicorn-53567.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2992	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	28
PID 2916 wrote to memory of 2992	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	28
PID 2916 wrote to memory of 2992	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	28
PID 2916 wrote to memory of 2992	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	28
PID 2992 wrote to memory of 2108	2992	Unicorn-16138.exe	29
PID 2992 wrote to memory of 2108	2992	Unicorn-16138.exe	29
PID 2992 wrote to memory of 2108	2992	Unicorn-16138.exe	29
PID 2992 wrote to memory of 2108	2992	Unicorn-16138.exe	29
PID 2916 wrote to memory of 1916	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	30
PID 2916 wrote to memory of 1916	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	30
PID 2916 wrote to memory of 1916	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	30
PID 2916 wrote to memory of 1916	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	30
PID 2916 wrote to memory of 2736	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	31
PID 2916 wrote to memory of 2736	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	31
PID 2916 wrote to memory of 2736	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	31
PID 2916 wrote to memory of 2736	2916	eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe	31
PID 1916 wrote to memory of 2792	1916	Unicorn-23210.exe	33
PID 1916 wrote to memory of 2792	1916	Unicorn-23210.exe	33
PID 1916 wrote to memory of 2792	1916	Unicorn-23210.exe	33
PID 1916 wrote to memory of 2792	1916	Unicorn-23210.exe	33
PID 2108 wrote to memory of 2520	2108	Unicorn-18572.exe	32
PID 2108 wrote to memory of 2520	2108	Unicorn-18572.exe	32
PID 2108 wrote to memory of 2520	2108	Unicorn-18572.exe	32
PID 2108 wrote to memory of 2520	2108	Unicorn-18572.exe	32
PID 2992 wrote to memory of 2728	2992	Unicorn-16138.exe	34
PID 2992 wrote to memory of 2728	2992	Unicorn-16138.exe	34
PID 2992 wrote to memory of 2728	2992	Unicorn-16138.exe	34
PID 2992 wrote to memory of 2728	2992	Unicorn-16138.exe	34
PID 2992 wrote to memory of 2420	2992	Unicorn-16138.exe	35
PID 2992 wrote to memory of 2420	2992	Unicorn-16138.exe	35
PID 2992 wrote to memory of 2420	2992	Unicorn-16138.exe	35
PID 2992 wrote to memory of 2420	2992	Unicorn-16138.exe	35
PID 2520 wrote to memory of 376	2520	Unicorn-128.exe	36
PID 2520 wrote to memory of 376	2520	Unicorn-128.exe	36
PID 2520 wrote to memory of 376	2520	Unicorn-128.exe	36
PID 2520 wrote to memory of 376	2520	Unicorn-128.exe	36
PID 2108 wrote to memory of 2500	2108	Unicorn-18572.exe	37
PID 2108 wrote to memory of 2500	2108	Unicorn-18572.exe	37
PID 2108 wrote to memory of 2500	2108	Unicorn-18572.exe	37
PID 2108 wrote to memory of 2500	2108	Unicorn-18572.exe	37
PID 2728 wrote to memory of 2812	2728	Unicorn-37631.exe	38
PID 2728 wrote to memory of 2812	2728	Unicorn-37631.exe	38
PID 2728 wrote to memory of 2812	2728	Unicorn-37631.exe	38
PID 2728 wrote to memory of 2812	2728	Unicorn-37631.exe	38
PID 2792 wrote to memory of 2852	2792	Unicorn-57497.exe	39
PID 2792 wrote to memory of 2852	2792	Unicorn-57497.exe	39
PID 2792 wrote to memory of 2852	2792	Unicorn-57497.exe	39
PID 2792 wrote to memory of 2852	2792	Unicorn-57497.exe	39
PID 1916 wrote to memory of 2244	1916	Unicorn-23210.exe	40
PID 1916 wrote to memory of 2244	1916	Unicorn-23210.exe	40
PID 1916 wrote to memory of 2244	1916	Unicorn-23210.exe	40
PID 1916 wrote to memory of 2244	1916	Unicorn-23210.exe	40
PID 2108 wrote to memory of 1616	2108	Unicorn-18572.exe	41
PID 2108 wrote to memory of 1616	2108	Unicorn-18572.exe	41
PID 2108 wrote to memory of 1616	2108	Unicorn-18572.exe	41
PID 2108 wrote to memory of 1616	2108	Unicorn-18572.exe	41
PID 1916 wrote to memory of 1936	1916	Unicorn-23210.exe	42
PID 1916 wrote to memory of 1936	1916	Unicorn-23210.exe	42
PID 1916 wrote to memory of 1936	1916	Unicorn-23210.exe	42
PID 1916 wrote to memory of 1936	1916	Unicorn-23210.exe	42
PID 2244 wrote to memory of 320	2244	Unicorn-23441.exe	43
PID 2244 wrote to memory of 320	2244	Unicorn-23441.exe	43
PID 2244 wrote to memory of 320	2244	Unicorn-23441.exe	43
PID 2244 wrote to memory of 320	2244	Unicorn-23441.exe	43

C:\Users\Admin\AppData\Local\Temp\eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe
"C:\Users\Admin\AppData\Local\Temp\eeb4d0fe653c94af139ad7855e797307f4c4d8e2f75b6fa0e72b759dd65f2dc3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-128.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 244
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23588.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        10⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        11⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        12⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        13⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
        14⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        15⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 216
        15⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
        14⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        13⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        12⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        11⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        10⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53297.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
        10⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1889.exe
        11⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47147.exe
        12⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        13⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        14⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 220
        14⤵
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        13⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        12⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        9⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        11⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        12⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        13⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
        14⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 220
        13⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
        12⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        8⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        11⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        12⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43954.exe
        13⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 212
        14⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
        12⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        10⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        11⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4779.exe
        12⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        13⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
        12⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        11⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        8⤵
        Program crash
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        7⤵
        Program crash
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        12⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        13⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        14⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 236
        13⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        12⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        10⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54641.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14623.exe
        12⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        13⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 220
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
        11⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        8⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9830.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42483.exe
        9⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
        11⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31287.exe
        12⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        13⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        12⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
        11⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        8⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        7⤵
        Program crash
        
        PID:2796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
        6⤵
        Program crash
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        11⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        12⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40502.exe
        13⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 220
        12⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        11⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42867.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        11⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 236
        12⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        11⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        8⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        7⤵
        Program crash
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
        6⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41189.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
        11⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        12⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        13⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
        13⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        7⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        9⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55699.exe
        10⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        11⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 236
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
        11⤵
        
        PID:11872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        10⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        7⤵
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        5⤵
        Program crash
        
        PID:2064
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49125.exe
        10⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        11⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        12⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        13⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        14⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18359.exe
        15⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
        15⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        14⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        13⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
        12⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        11⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        10⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 220
        11⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 220
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29119.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        11⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        12⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28213.exe
        13⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
        13⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        8⤵
        Program crash
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        11⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
        12⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 220
        12⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        11⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        8⤵
        Program crash
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        7⤵
        Program crash
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45892.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        8⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        12⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44478.exe
        13⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
        14⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
        14⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        13⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        12⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        10⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 236
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        10⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        11⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40109.exe
        12⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55725.exe
        13⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        11⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        9⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        8⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        12⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        13⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        7⤵
        Program crash
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        8⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34424.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        11⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        12⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        13⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        12⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        10⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        9⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        8⤵
        Program crash
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
        7⤵
        Program crash
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
        7⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        11⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        12⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        10⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 216
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        10⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        11⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
        11⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 236
        10⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        8⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 220
        7⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        6⤵
        Program crash
        
        PID:2316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        5⤵
        Program crash
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9960.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54569.exe
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
        11⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        12⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        13⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39926.exe
        14⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
        14⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 216
        13⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        12⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        11⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        12⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        13⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
        13⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        9⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        10⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33504.exe
        11⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53160.exe
        12⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        13⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        12⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        11⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
        8⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63207.exe
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        10⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        11⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        12⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 236
        12⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 236
        11⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17225.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        9⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
        10⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        11⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38045.exe
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
        11⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        10⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        8⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        6⤵
        Program crash
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        7⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
        6⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        10⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53404.exe
        11⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        12⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
        11⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 220
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
        7⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        6⤵
        Program crash
        
        PID:776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        5⤵
        Program crash
        
        PID:2924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:572
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26940.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        Program crash
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        8⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        9⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51803.exe
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13150.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        11⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        12⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        13⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 220
        12⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        11⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        10⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        8⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        7⤵
        Program crash
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32789.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        10⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        11⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        12⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        13⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        14⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 220
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        12⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        11⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53764.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18171.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        11⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        12⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        13⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
        13⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 236
        12⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        7⤵
        Program crash
        
        PID:2236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        6⤵
        Program crash
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21196.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10967.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        11⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        12⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        13⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39694.exe
        14⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
        14⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        12⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        10⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2939.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        11⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        12⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        13⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        11⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        9⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64558.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        11⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34970.exe
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
        12⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        11⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
        10⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        7⤵
        Program crash
        
        PID:1804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        6⤵
        Program crash
        
        PID:1512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        5⤵
        Program crash
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45399.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        8⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        9⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        8⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        8⤵
        Program crash
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16374.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        11⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        12⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
        12⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        11⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
        8⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        7⤵
        Program crash
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63261.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        11⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56815.exe
        13⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 220
        11⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        8⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26531.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        9⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 220
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        9⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        7⤵
        
        PID:4480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        6⤵
        Program crash
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
        6⤵
        Executes dropped EXE
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24481.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41962.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15627.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        12⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
        13⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10529.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        10⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        11⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28001.exe
        12⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 216
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
        11⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        10⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        9⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        8⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        6⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14252.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64458.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12230.exe
        10⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56230.exe
        11⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
        11⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        10⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        8⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
        7⤵
        
        PID:4792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:1344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        5⤵
        Program crash
        
        PID:2228
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26364.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        10⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        11⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21371.exe
        12⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54877.exe
        13⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35369.exe
        14⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 236
        14⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        13⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        12⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        11⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        10⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21224.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        13⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        13⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        12⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35524.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        11⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        12⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
        13⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 236
        12⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        11⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        8⤵
        Program crash
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46805.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44107.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        11⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3528.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5011.exe
        13⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        13⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 236
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        10⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51313.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        10⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
        11⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27295.exe
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
        12⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        11⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        8⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        7⤵
        Program crash
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        8⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        11⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36585.exe
        12⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
        13⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 216
        13⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 236
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31885.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61785.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
        10⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        11⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
        12⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 220
        12⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        11⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        9⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        8⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30203.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42632.exe
        10⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        11⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        12⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
        12⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        10⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        6⤵
        Program crash
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12714.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9767.exe
        11⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13040.exe
        12⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
        13⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
        13⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 236
        12⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 216
        9⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
        8⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12729.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        9⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        10⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        11⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22223.exe
        12⤵
        
        PID:828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 220
        10⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
        9⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        8⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 220
        7⤵
        Program crash
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51173.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        10⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9740.exe
        11⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        12⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
        12⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
        11⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        10⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        9⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
        8⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        7⤵
        Program crash
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        6⤵
        Program crash
        
        PID:1640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        5⤵
        Program crash
        
        PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48978.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        12⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21239.exe
        13⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        13⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 236
        12⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
        10⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 236
        8⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37536.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        10⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        11⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
        12⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 220
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        8⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62107.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        11⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        12⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
        12⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 236
        11⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        10⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        7⤵
        Program crash
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        6⤵
        Program crash
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
        9⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20785.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        11⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        12⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 220
        12⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        11⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        10⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        8⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
        7⤵
        Program crash
        
        PID:3628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        6⤵
        Program crash
        
        PID:3776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:2532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
      4⤵
      Program crash
      PID:2904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1936
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
  2⤵
  - Program crash
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe

Filesize
184KB

MD5
5a2b4fe8a96d9f6185ea9210d5347e41

SHA1
e8bdc54c0d3061d753c87bbcceda94e86b4d565b

SHA256
ae4a07b425f898177a9308b1d850cb491cfc94dc3fe1c8f6e563b3f8f61f38e8

SHA512
9b9d2aa80ca084a61342a5fb8862df7f51e05e6a46c6aad423aaca27c1f7b00a52e96e0441f3b9d9abc277e6b111b058a541ae01f2b1dea653d053b6585f6e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe

Filesize
184KB

MD5
801132305449e4a3f9c1b5939d141d32

SHA1
d86969b3ed4fcbc11ff78a11631d7fc11e2116b0

SHA256
22a034c4bb35f96172eaeea4ea3b62bba3930783478734cff800c7869dbf6ab2

SHA512
8531d217c5371017e886ea7bebb9ac7d25125245270c02cab54a2d9b24d82e805fb9af80d3b0277fa3048b02af24924beb2dca3dcd03ecdb4a743d9b2cd25ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe

Filesize
184KB

MD5
15bdf34b3a0eb170a4fbac4c522782c6

SHA1
7574473fa3c67d480f231032e09eefdfb343b26b

SHA256
b11f5ba5113999f33ce03126c082f0dd46cfef187d42ae33cfa7db2f90460a9a

SHA512
34361abb92c4c190fe5f96fd349cbc3608d0c7316a2e7118f5154748891cf04d9808487e4daa178c5b22baa44383a04a7c9ca62ef51abb50909195f13f98cfd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe

Filesize
184KB

MD5
68507ca3fff6c36d45d3370e8cdfa5e6

SHA1
3a2a909eb293bab19a6513b094893d386a81ca55

SHA256
d1b65877587163a70e91cb7a4218524582db6c4b7126fc7f8a1ac6b870f6f875

SHA512
7b99068f0935b19c412e8d6616ba5f41f60e95568071357730b8f201594be41d9ea53bd529c341262bdaaf397cb9d0edffa647a2959bbf5e1a1e76a98a41f964

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe

Filesize
184KB

MD5
f25ba8ad18e124c0f18261e92470f40e

SHA1
4599d1c03d9ba2a75205290356455d4222c3e822

SHA256
2d355e74b6bbcb95067cb29a867aa57a41f577d2476290c2b9829a906c0f0dc7

SHA512
0ffd883c809582df35812714b511a81a782b8c29e84ce70e2231ce4e7dbb39fe9c54048655f80d92a5b54274f33a3ff76574c724fa1e2046618017623a462335

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40001.exe

Filesize
184KB

MD5
8e559c0047dc913be132db9023e37bd1

SHA1
5a1bac324cf43c9910864847f5e6acb32608c080

SHA256
441053259577b06c6f0fc853d4bbdd6f085fd71277601bac7502c20dbe8b0656

SHA512
e77014712bd08d1d63ddb2ec97cacca615a6b51f0a595114381d7a1cd285fd4224b138d47b965862079c02e11057c6e5a80eb5359092599264914903a77c2d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe

Filesize
184KB

MD5
3e65ccfb102635056cbe37c270e73c04

SHA1
ad4e6401d3b556e8b3188b26dcc0676eed09ca57

SHA256
c2907f4d5a15dafea626cd8e47b42f3d94c6d02f17c67cba3fce59c3af05c853

SHA512
00fb2b73fd0193572760aa36e0aafe5721dc41d6c6e53ea1af1da8624eef85e0b0e2834879e970e142650e1ed2db25c7dc10d398286e9ce3989c495283b46e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe

Filesize
184KB

MD5
914b9a4e1033575d02510f672f71b1c7

SHA1
b3ddaddc67ab6297e01b5e1ef497d8c8a5f0d0da

SHA256
04a903713c9b2f9b8e578eebe3455f2da348b60cc49aa54ebc7384dc1a713809

SHA512
061911d253affaf35faaca0ae6027f57a612e6e8aaf374c72c5d78e0ae8a4530e30e388a6e877ea05495f4e47f65ff9906fe25d18482581fcfcaa47765291311

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50038.exe

Filesize
184KB

MD5
7d766d9b3224082ae617663aca1b238d

SHA1
2ef91a809db6cab2216985ce4b10ae3b37821883

SHA256
82f7d6c685c34b30add0f29cf55eae6ab52c1c8468cce2588b41ede10444adb3

SHA512
e4c96fe57dc68596e852cf5199a1d223450bf5d7e7aa6357ca4d823c16cd9a0d883b9fd8182f8d67588130d64df43b70845d0fa6535c8ff7a35a0628701ba0f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe

Filesize
184KB

MD5
9076d31a10fd79a98c75f93350d78361

SHA1
38f0686bd359afa3283a7c67409657fee112bf26

SHA256
ce3bc04092526e95a9b62242859b97a49c304c45941625d9d5e2bcf4cf304707

SHA512
7e23fbadc11cd0a0000155e7219517634db0d427c477c5c23bd8efbeac2bb81f9bd3075e298fbc1f933651c0c23547740c7df6997f30f4adf8384d280c323fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe

Filesize
184KB

MD5
2fec037f02935d31ed0cce13572112a0

SHA1
2b9ee02d704e46b5194fd3645b8b9c5d05ccd8aa

SHA256
15b8b4bd092d5fa11798bd2d5500db0f06d09fabf8b95da65588a329ca0351f8

SHA512
75dbf6906194a0f9e50951639d093913d7f7386f64cdf74f467c81f581ee28ac2386f335257dc6f5d3443e7acd47489c92675c48d562908e111bc9a82b396697

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-128.exe

Filesize
184KB

MD5
b831a2ac5cc47ed28632e306cad719a1

SHA1
9b1150c870b73c51e9e5487d603cdb578be920b5

SHA256
748418fec1be240be4d6c1e4155a85c1ab79d57d523e4aecdf5e16d940822697

SHA512
18da0b2463da4c121e94ee4e108b80a24f830692e82da3f858fe6b3141277e49606cc70d58092782b9a92faa7ca0d8010116b89ba0e1a090c430d784ff6076d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe

Filesize
184KB

MD5
ca30f5b0b0f9d8bc3377a6a11931ed03

SHA1
19cbcea316d2c25147932d21ea69c0cbede0cafd

SHA256
c07b01842cb06c8b3839e6257968fddfe1c2cdf5e0916da13937e237b64b4445

SHA512
9e27881f51c5edd66b3def4d014de6bd79079abf83df69720d32e508efd9baeba85c95544605a6ca9c565003db1f2b732b921d80413aba2030604c9815d81973

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe

Filesize
184KB

MD5
52a25280036c957814bd928b8ce1274a

SHA1
537807868f7f65eeda610ba50e2da44ac3dbe5d0

SHA256
d1a698151859f10cd5f0f047bbb0d5b302bd7635da7a430b98827a019587013a

SHA512
a1cede8ead5a007bbabe40d914a8b2e14be23102c7deac6564f9201363e45e6190d71939221b090ff5c57e5ca65e4db4f8389dd499f2971a7adaf4e2ef60e564

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23210.exe

Filesize
184KB

MD5
da956dbef072ca4871c6eb58e43369de

SHA1
936dc63a0588cbf5c91c2b06d8ad2639ee2b5c4b

SHA256
d7708216c705d4de4da9259781a7d8d40cbbcfaba59323cbbd7b70da0b839054

SHA512
af91f6868a8a9ae79bd4e7d565329d75442926a66e0377c82017303bdcb88d1fa18aec6808df702b0fcc0e47f706de4474d79bfdb2fbc9f8864a2c8feecdeab7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23441.exe

Filesize
184KB

MD5
54cd2134f8c23c8cd3c9a2509e204a39

SHA1
bdcf42e140759f2ecd82376d379ef51157fc0324

SHA256
f503d08321269671cd44a524799b347caf42fcb9ccb5d54169f90b00b2c3fb08

SHA512
1e13bc190e9b773ed6749365feedf40a878cbb98315fa90f64331551832c10885db50937c7d8347b08e20fe2df019e6d766d86f11679c293630861c594f8f3a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26364.exe

Filesize
184KB

MD5
a1349ab95764e1a44071eae044a58994

SHA1
280d695072749db4cf467137c466aafc41ce58c0

SHA256
d73302f5b9b20eb64501b3e6a2195d0c91f86d30947644f1e8d6699c3179724c

SHA512
145875c09dfb796e982eed269ebc2e87aa2b1d7d994168f188d6e2f8866d026d5e86c97cb93cdedd5b6604269ac870395311391e6801add92abffe5583a34457

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe

Filesize
184KB

MD5
e2a2cb4c57e1fd7d18daeafdaa0a7877

SHA1
6968514ba5cd8df21a50eceb3bbe0e82725927ef

SHA256
2c444797080a249b769c673916bf4e5a4a5fe81d194cc62eee77e15fcceff8fb

SHA512
5df42e2901cd87b72151cfb8070ef780dafbda5b76bf00ce7d9f00fa255570e02a26ce4df45547f1b15bce1abf03bd077f7e2d7097416d4453357bea060a8edf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe

Filesize
184KB

MD5
0b7c2eb5cf10363cc02869f49084adf7

SHA1
6d2b9049557491e81305eac9dd0256eb257e464b

SHA256
1f15197ab3f7852e2bf53dcde5a2157bbd83a46ffe958fe6a2291a278a2a1d7e

SHA512
07044290f27e4c01a0a16ff24a1c7f3bd88a5af76f1fc71a45b8ec9a166367633fa302d73fe8ff7329f9176d4b2c0216685baa54a1cb219adc23b6680975d5aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe

Filesize
184KB

MD5
68977773e363892764f6fd5754e69dd6

SHA1
4bca205af1e5c5837dfd4e8fbd262f3f79540e65

SHA256
d6beaa5ede2c9776839cb672d2ff2e147a01da7ff751c6cbc9da331b854f6a70

SHA512
ed4c1435a1ad4293e71a86885f9c4fc1cd6cbc172242cabafe251047c132080c7f890581e4acdb9d958a6b1c0486130a5ccabf79cddf9e8c2756ea2d56cc52a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe

Filesize
184KB

MD5
8ccc922036eaa31d884f7ae7688af796

SHA1
e03863859d549ab78091a995495b0cdc4de90417

SHA256
f4573d3eb569f32b990a8a6df5176a40826633e69d3a55688b8363e301e9d4d8

SHA512
abcdc20c63fe8ce4904a8ec5969c5b219754b9f1e8193524f7626be574028ee563a2a9fa50305f90029f02880642fb09b5f57826da1e1aefcac52310fa7e3212

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads