5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
Size

184KB
MD5

4b12bda37a0efed51ea477aab5aad668
SHA1

e30678d760ba8d54e7f6e9993de33aa70662b565
SHA256

5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d
SHA512

bc2a8e722064eef92b81cc43435febe80eafa929a7501930650bbe13bcfcde7d96853a16a3b365501e5f82f9b7f555357e18ee7615862067aa1637f4700e4175
SSDEEP

1536:z7om6gbAu3JSoPx1x/cAlawM1LJyvZcl8md1xyrR2Vzetihl5hj5Vizpvn:Pg43JSoZn/cTd19We1yrRKsihlnniFv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2184	Unicorn-43446.exe
3008	Unicorn-47099.exe
3028	Unicorn-1427.exe
2568	Unicorn-15901.exe
2560	Unicorn-26761.exe
2624	Unicorn-46627.exe
2988	Unicorn-57016.exe
2004	Unicorn-14037.exe
1932	Unicorn-24898.exe
2732	Unicorn-24898.exe
1664	Unicorn-44764.exe
1584	Unicorn-60078.exe
2792	Unicorn-40212.exe
2808	Unicorn-29352.exe
2220	Unicorn-32044.exe
1524	Unicorn-55994.exe
2620	Unicorn-1318.exe
604	Unicorn-21184.exe
2424	Unicorn-43742.exe
1900	Unicorn-846.exe
2060	Unicorn-4930.exe
1536	Unicorn-11707.exe
1616	Unicorn-15813.exe
1140	Unicorn-15813.exe
1720	Unicorn-46539.exe
2384	Unicorn-26673.exe
2380	Unicorn-49232.exe
1324	Unicorn-49232.exe
3056	Unicorn-49232.exe
2876	Unicorn-3560.exe
2872	Unicorn-3560.exe
1960	Unicorn-37878.exe
2180	Unicorn-3067.exe
1128	Unicorn-48739.exe
2804	Unicorn-7151.exe
2128	Unicorn-2252.exe
2704	Unicorn-44676.exe
2636	Unicorn-18034.exe
2480	Unicorn-12366.exe
2980	Unicorn-54790.exe
2916	Unicorn-46622.exe
1760	Unicorn-18588.exe
1940	Unicorn-15896.exe
2024	Unicorn-49315.exe
1484	Unicorn-30840.exe
1648	Unicorn-50706.exe
2328	Unicorn-38454.exe
2496	Unicorn-42538.exe
560	Unicorn-35522.exe
1784	Unicorn-34130.exe
1964	Unicorn-19186.exe
1552	Unicorn-37660.exe
620	Unicorn-21878.exe
1080	Unicorn-2657.exe
2860	Unicorn-13518.exe
1120	Unicorn-21132.exe
2284	Unicorn-40160.exe
1936	Unicorn-51858.exe
2964	Unicorn-19740.exe
1948	Unicorn-19740.exe
2588	Unicorn-43690.exe
572	Unicorn-31246.exe
2500	Unicorn-46191.exe
2464	Unicorn-10825.exe

Loads dropped DLL 64 IoCs

pid	Process
2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
2184	Unicorn-43446.exe
2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
2184	Unicorn-43446.exe
3008	Unicorn-47099.exe
3008	Unicorn-47099.exe
2184	Unicorn-43446.exe
2184	Unicorn-43446.exe
3028	Unicorn-1427.exe
3028	Unicorn-1427.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2560	Unicorn-26761.exe
2560	Unicorn-26761.exe
2624	Unicorn-46627.exe
2624	Unicorn-46627.exe
3008	Unicorn-47099.exe
3028	Unicorn-1427.exe
2568	Unicorn-15901.exe
3008	Unicorn-47099.exe
2568	Unicorn-15901.exe
3028	Unicorn-1427.exe
960	WerFault.exe
960	WerFault.exe
960	WerFault.exe
960	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
960	WerFault.exe
1268	WerFault.exe
2988	Unicorn-57016.exe
2560	Unicorn-26761.exe
2988	Unicorn-57016.exe
2560	Unicorn-26761.exe
2004	Unicorn-14037.exe
2004	Unicorn-14037.exe
2624	Unicorn-46627.exe
2624	Unicorn-46627.exe
2732	Unicorn-24898.exe
2732	Unicorn-24898.exe
2568	Unicorn-15901.exe
1664	Unicorn-44764.exe
2568	Unicorn-15901.exe
1932	Unicorn-24898.exe
1664	Unicorn-44764.exe
1932	Unicorn-24898.exe
1056	WerFault.exe
1056	WerFault.exe
1056	WerFault.exe
1056	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
1056	WerFault.exe
2416	WerFault.exe
696	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2648	2820	WerFault.exe	27
2512	2184	WerFault.exe	28
960	3008	WerFault.exe	29
1268	3028	WerFault.exe	30
1056	2560	WerFault.exe	33
2416	2624	WerFault.exe	34
696	2568	WerFault.exe	32
308	2988	WerFault.exe	36
912	2004	WerFault.exe	37
1060	2732	WerFault.exe	38
3000	1664	WerFault.exe	40
1596	1932	WerFault.exe	39
2932	2792	WerFault.exe	44
2628	1584	WerFault.exe	43
1976	2220	WerFault.exe	46
2260	2808	WerFault.exe	45
1220	1524	WerFault.exe	47
2344	2424	WerFault.exe	50
1476	2620	WerFault.exe	48
240	604	WerFault.exe	49
3048	2804	WerFault.exe	74
2104	2060	WerFault.exe	55
1980	1900	WerFault.exe	54
988	1536	WerFault.exe	56
1820	1616	WerFault.exe	58
920	1140	WerFault.exe	57
2816	2384	WerFault.exe	60
2996	2876	WerFault.exe	64
3032	3056	WerFault.exe	61
1956	1324	WerFault.exe	62
2708	1720	WerFault.exe	59
2640	2872	WerFault.exe	65
2580	2380	WerFault.exe	63
2856	1784	WerFault.exe	97
1528	1960	WerFault.exe	71
1412	2180	WerFault.exe	72
3080	2128	WerFault.exe	75
3220	2480	WerFault.exe	78
3244	2916	WerFault.exe	80
3260	2328	WerFault.exe	85
3268	2024	WerFault.exe	84
3316	1940	WerFault.exe	81
3308	2496	WerFault.exe	86
3436	1760	WerFault.exe	82
3460	2636	WerFault.exe	77
3488	1648	WerFault.exe	87
3620	1484	WerFault.exe	83
3628	2980	WerFault.exe	79
3648	1128	WerFault.exe	73
3728	2704	WerFault.exe	76
3148	560	WerFault.exe	93
3172	1964	WerFault.exe	98
4028	2588	WerFault.exe	109
4032	2500	WerFault.exe	111
3856	2900	WerFault.exe	120
3780	620	WerFault.exe	100
3972	1872	WerFault.exe	114
3812	2976	WerFault.exe	121
3996	2464	WerFault.exe	112
4172	1948	WerFault.exe	107
4524	2044	WerFault.exe	115
4540	2964	WerFault.exe	108
4672	2860	WerFault.exe	103
4780	776	WerFault.exe	119

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
2184	Unicorn-43446.exe
3008	Unicorn-47099.exe
3028	Unicorn-1427.exe
2568	Unicorn-15901.exe
2560	Unicorn-26761.exe
2624	Unicorn-46627.exe
2988	Unicorn-57016.exe
2004	Unicorn-14037.exe
2732	Unicorn-24898.exe
1664	Unicorn-44764.exe
1932	Unicorn-24898.exe
1584	Unicorn-60078.exe
2792	Unicorn-40212.exe
2808	Unicorn-29352.exe
2220	Unicorn-32044.exe
2620	Unicorn-1318.exe
1524	Unicorn-55994.exe
604	Unicorn-21184.exe
2424	Unicorn-43742.exe
1900	Unicorn-846.exe
2060	Unicorn-4930.exe
1536	Unicorn-11707.exe
1140	Unicorn-15813.exe
1616	Unicorn-15813.exe
2384	Unicorn-26673.exe
1720	Unicorn-46539.exe
2876	Unicorn-3560.exe
2872	Unicorn-3560.exe
1324	Unicorn-49232.exe
3056	Unicorn-49232.exe
2380	Unicorn-49232.exe
1960	Unicorn-37878.exe
2180	Unicorn-3067.exe
1128	Unicorn-48739.exe
2804	Unicorn-7151.exe
2128	Unicorn-2252.exe
2704	Unicorn-44676.exe
2636	Unicorn-18034.exe
2480	Unicorn-12366.exe
2980	Unicorn-54790.exe
2916	Unicorn-46622.exe
2024	Unicorn-49315.exe
1760	Unicorn-18588.exe
1940	Unicorn-15896.exe
1484	Unicorn-30840.exe
1648	Unicorn-50706.exe
2496	Unicorn-42538.exe
2328	Unicorn-38454.exe
560	Unicorn-35522.exe
1784	Unicorn-34130.exe
1964	Unicorn-19186.exe
1552	Unicorn-37660.exe
620	Unicorn-21878.exe
1080	Unicorn-2657.exe
2860	Unicorn-13518.exe
1120	Unicorn-21132.exe
2284	Unicorn-40160.exe
1936	Unicorn-51858.exe
2964	Unicorn-19740.exe
1948	Unicorn-19740.exe
2588	Unicorn-43690.exe
572	Unicorn-31246.exe
2500	Unicorn-46191.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2184	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	28
PID 2820 wrote to memory of 2184	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	28
PID 2820 wrote to memory of 2184	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	28
PID 2820 wrote to memory of 2184	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	28
PID 2820 wrote to memory of 3008	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	29
PID 2820 wrote to memory of 3008	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	29
PID 2820 wrote to memory of 3008	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	29
PID 2820 wrote to memory of 3008	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	29
PID 2184 wrote to memory of 3028	2184	Unicorn-43446.exe	30
PID 2184 wrote to memory of 3028	2184	Unicorn-43446.exe	30
PID 2184 wrote to memory of 3028	2184	Unicorn-43446.exe	30
PID 2184 wrote to memory of 3028	2184	Unicorn-43446.exe	30
PID 2820 wrote to memory of 2648	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	31
PID 2820 wrote to memory of 2648	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	31
PID 2820 wrote to memory of 2648	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	31
PID 2820 wrote to memory of 2648	2820	5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe	31
PID 3008 wrote to memory of 2568	3008	Unicorn-47099.exe	32
PID 3008 wrote to memory of 2568	3008	Unicorn-47099.exe	32
PID 3008 wrote to memory of 2568	3008	Unicorn-47099.exe	32
PID 3008 wrote to memory of 2568	3008	Unicorn-47099.exe	32
PID 2184 wrote to memory of 2560	2184	Unicorn-43446.exe	33
PID 2184 wrote to memory of 2560	2184	Unicorn-43446.exe	33
PID 2184 wrote to memory of 2560	2184	Unicorn-43446.exe	33
PID 2184 wrote to memory of 2560	2184	Unicorn-43446.exe	33
PID 3028 wrote to memory of 2624	3028	Unicorn-1427.exe	34
PID 3028 wrote to memory of 2624	3028	Unicorn-1427.exe	34
PID 3028 wrote to memory of 2624	3028	Unicorn-1427.exe	34
PID 3028 wrote to memory of 2624	3028	Unicorn-1427.exe	34
PID 2184 wrote to memory of 2512	2184	Unicorn-43446.exe	35
PID 2184 wrote to memory of 2512	2184	Unicorn-43446.exe	35
PID 2184 wrote to memory of 2512	2184	Unicorn-43446.exe	35
PID 2184 wrote to memory of 2512	2184	Unicorn-43446.exe	35
PID 2560 wrote to memory of 2988	2560	Unicorn-26761.exe	36
PID 2560 wrote to memory of 2988	2560	Unicorn-26761.exe	36
PID 2560 wrote to memory of 2988	2560	Unicorn-26761.exe	36
PID 2560 wrote to memory of 2988	2560	Unicorn-26761.exe	36
PID 2624 wrote to memory of 2004	2624	Unicorn-46627.exe	37
PID 2624 wrote to memory of 2004	2624	Unicorn-46627.exe	37
PID 2624 wrote to memory of 2004	2624	Unicorn-46627.exe	37
PID 2624 wrote to memory of 2004	2624	Unicorn-46627.exe	37
PID 3008 wrote to memory of 2732	3008	Unicorn-47099.exe	38
PID 3008 wrote to memory of 2732	3008	Unicorn-47099.exe	38
PID 3008 wrote to memory of 2732	3008	Unicorn-47099.exe	38
PID 3008 wrote to memory of 2732	3008	Unicorn-47099.exe	38
PID 3028 wrote to memory of 1932	3028	Unicorn-1427.exe	39
PID 3028 wrote to memory of 1932	3028	Unicorn-1427.exe	39
PID 3028 wrote to memory of 1932	3028	Unicorn-1427.exe	39
PID 3028 wrote to memory of 1932	3028	Unicorn-1427.exe	39
PID 2568 wrote to memory of 1664	2568	Unicorn-15901.exe	40
PID 2568 wrote to memory of 1664	2568	Unicorn-15901.exe	40
PID 2568 wrote to memory of 1664	2568	Unicorn-15901.exe	40
PID 2568 wrote to memory of 1664	2568	Unicorn-15901.exe	40
PID 3008 wrote to memory of 960	3008	Unicorn-47099.exe	41
PID 3008 wrote to memory of 960	3008	Unicorn-47099.exe	41
PID 3008 wrote to memory of 960	3008	Unicorn-47099.exe	41
PID 3008 wrote to memory of 960	3008	Unicorn-47099.exe	41
PID 3028 wrote to memory of 1268	3028	Unicorn-1427.exe	42
PID 3028 wrote to memory of 1268	3028	Unicorn-1427.exe	42
PID 3028 wrote to memory of 1268	3028	Unicorn-1427.exe	42
PID 3028 wrote to memory of 1268	3028	Unicorn-1427.exe	42
PID 2988 wrote to memory of 1584	2988	Unicorn-57016.exe	43
PID 2988 wrote to memory of 1584	2988	Unicorn-57016.exe	43
PID 2988 wrote to memory of 1584	2988	Unicorn-57016.exe	43
PID 2988 wrote to memory of 1584	2988	Unicorn-57016.exe	43

C:\Users\Admin\AppData\Local\Temp\5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe
"C:\Users\Admin\AppData\Local\Temp\5a46833eabe7cc402d9ee05ff5389c3aec3d89e7ed36e0f01a2aba8bc6b0ee0d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
        12⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        13⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14090.exe
        14⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        15⤵
        
        PID:13644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        14⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        13⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        12⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        11⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3026.exe
        12⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        13⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
        13⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 236
        12⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        11⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 220
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        10⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47660.exe
        11⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        12⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1599.exe
        13⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        14⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        13⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        12⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        13⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 236
        13⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 220
        12⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 220
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        9⤵
        Program crash
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40160.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        9⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        10⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38854.exe
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        12⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13187.exe
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        13⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        12⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        11⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        11⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        12⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        13⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 236
        13⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        11⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 220
        9⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 220
        8⤵
        Program crash
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44121.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17509.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        12⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
        13⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
        13⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
        12⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 220
        11⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        10⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        9⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 220
        13⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        12⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        9⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        8⤵
        Program crash
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        7⤵
        Program crash
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        11⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64396.exe
        12⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        13⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
        14⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        11⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        11⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10499.exe
        12⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
        13⤵
        
        PID:14136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        11⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 220
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50078.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        10⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 240
        12⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        11⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60919.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        11⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
        12⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
        12⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 220
        11⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        9⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        8⤵
        Program crash
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        7⤵
        Program crash
        
        PID:2816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        6⤵
        Program crash
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51858.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        11⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        12⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 220
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
        12⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        11⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22217.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        11⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
        12⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
        11⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        12⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
        13⤵
        
        PID:13552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        11⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 216
        9⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        8⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-447.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24597.exe
        13⤵
        
        PID:14200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 236
        13⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        11⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        10⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        11⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        12⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
        12⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        9⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53882.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        10⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        11⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
        12⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
        9⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        8⤵
        Program crash
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        7⤵
        Program crash
        
        PID:1820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
        6⤵
        Program crash
        
        PID:1976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10825.exe
        8⤵
        Executes dropped EXE
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        9⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        10⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        11⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        12⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        13⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6641.exe
        14⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 216
        14⤵
        
        PID:13940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        13⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        12⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        11⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        12⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1981.exe
        13⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
        13⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11137.exe
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 220
        13⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
        11⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        10⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 220
        9⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        10⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        12⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        13⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
        13⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        12⤵
        
        PID:10396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        9⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        10⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        11⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        12⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
        12⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        11⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        8⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44344.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        11⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        12⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        13⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        11⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        11⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 220
        8⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27915.exe
        11⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        12⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48049.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        10⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44682.exe
        11⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 236
        11⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 220
        9⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        10⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        11⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
        11⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        10⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
        8⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
        7⤵
        Program crash
        
        PID:3620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        6⤵
        Program crash
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11718.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
        11⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 220
        12⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        10⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60301.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        9⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25824.exe
        11⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        10⤵
        
        PID:10156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        8⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        7⤵
        Program crash
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        6⤵
        Program crash
        
        PID:2580
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        5⤵
        Program crash
        
        PID:1596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18906.exe
        11⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        12⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        13⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
        14⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
        14⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        13⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        12⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        11⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40167.exe
        12⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        13⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 220
        13⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 220
        12⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        10⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26092.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20276.exe
        10⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61256.exe
        11⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        12⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        13⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        14⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 220
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        12⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        11⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        10⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        9⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51578.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        12⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        13⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        13⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        12⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        11⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50566.exe
        10⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        12⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        13⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        12⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        11⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        10⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        8⤵
        Program crash
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 220
        8⤵
        Program crash
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        7⤵
        Program crash
        
        PID:2104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        6⤵
        Program crash
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30774.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29762.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39700.exe
        10⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        11⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
        12⤵
        
        PID:13904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 216
        12⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        11⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        9⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55828.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        9⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46716.exe
        10⤵
        
        PID:10964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        11⤵
        
        PID:2952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 220
        10⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        8⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        7⤵
        Program crash
        
        PID:4672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        6⤵
        Program crash
        
        PID:988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        5⤵
        Program crash
        
        PID:308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60457.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1412.exe
        10⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        11⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 220
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17894.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        10⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        11⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        12⤵
        
        PID:13828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        11⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 236
        10⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12097.exe
        11⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7575.exe
        12⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
        11⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
        7⤵
        Program crash
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21878.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65496.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        10⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
        11⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 220
        11⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 216
        7⤵
        Program crash
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        6⤵
        Program crash
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52372.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        9⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        10⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        11⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        12⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
        12⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 236
        11⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        10⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
        10⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        11⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        11⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
        10⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        9⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27624.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
        11⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
        12⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        11⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        9⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
        10⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        11⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        10⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        9⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 240
        8⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        7⤵
        Program crash
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        6⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
        9⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        10⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
        10⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        9⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 220
        8⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        7⤵
        
        PID:5708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
        6⤵
        Program crash
        
        PID:3648
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
        5⤵
        Program crash
        
        PID:2932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1056
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62610.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
        10⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        11⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        12⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        13⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        13⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        12⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        11⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
        11⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        12⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 240
        11⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        9⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
        8⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        10⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        12⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29579.exe
        13⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        12⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35220.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20925.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11276 -s 188
        12⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        11⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        8⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        7⤵
        Program crash
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        10⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63088.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        12⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        13⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
        12⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        10⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        11⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        12⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        11⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        9⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        8⤵
        Program crash
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26201.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        11⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
        12⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
        12⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56684.exe
        8⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        9⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        10⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        11⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        10⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        9⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        8⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
        7⤵
        Program crash
        
        PID:3268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 220
        6⤵
        Program crash
        
        PID:240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22200.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        9⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
        10⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        11⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 236
        10⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        9⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        8⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        7⤵
        Program crash
        
        PID:4172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
        6⤵
        Program crash
        
        PID:3032
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        5⤵
        Program crash
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1318.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3088.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8636.exe
        11⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        10⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        9⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        10⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        10⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        9⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        8⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        7⤵
        
        PID:4864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1609.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45247.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        10⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        11⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        10⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        9⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        8⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43663.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
        8⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        9⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        10⤵
        
        PID:13596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
        10⤵
        
        PID:14000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        9⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        8⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
        7⤵
        
        PID:5804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        5⤵
        Program crash
        
        PID:1476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56835.exe
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58641.exe
        11⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        11⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1557.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        10⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15653.exe
        11⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11811.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        8⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 220
        9⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        8⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36649.exe
        11⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        11⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        10⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27244.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        9⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        10⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        10⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        8⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 220
        7⤵
        Program crash
        
        PID:4780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
        6⤵
        Program crash
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2465.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31677.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53986.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
        10⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
        11⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        10⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        9⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        8⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-473.exe
        10⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30186.exe
        11⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
        11⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        10⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 236
        9⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        8⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        7⤵
        Program crash
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52408.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        9⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        10⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        8⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        7⤵
        
        PID:4504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:3436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
        5⤵
        Program crash
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49232.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38475.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        11⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52936.exe
        12⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
        12⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 236
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        9⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        10⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        11⤵
        
        PID:14320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 236
        10⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        9⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51365.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        10⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        11⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 236
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        10⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        9⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        8⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        7⤵
        Program crash
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40504.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        9⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41921.exe
        10⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11268 -s 188
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        10⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        8⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1069.exe
        7⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16129.exe
        9⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25780.exe
        10⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
        10⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        9⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        8⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        
        PID:5276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        6⤵
        Program crash
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        5⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54235.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23374.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
        9⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        10⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        10⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        8⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
        7⤵
        
        PID:4716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        6⤵
        Program crash
        
        PID:3856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        5⤵
        Program crash
        
        PID:1956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
      4⤵
      Program crash
      PID:1060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
  2⤵
  - Program crash
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe

Filesize
184KB

MD5
00bee8ad8a4d5efe6c40c9d0f9c48509

SHA1
4487401571a97ed31cf8736b6154dd871f6667df

SHA256
ce8d15d705b1afd204e52b195f47ebc78353f1fba444316df44e61a7d4bfd297

SHA512
fafe27554d830d92db368beb90a9d2e49193f0656ff9448f09ec2b42f7fa5d93c28e689fdf64a2fc98ebcf73de0dd50ed5f4b06b8c97aaa67726fbeec7784678

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe

Filesize
184KB

MD5
cb1ae5ba8903d6a06c2ee32e680efc8f

SHA1
54250adfb287905be780e059ea72f7d9fed7d64b

SHA256
0d24ca4594e72d1021e9985d4967862f5025992dd51753beb35e7b32ab889322

SHA512
47e427fed4b815a8344e50a10f43519c256d05fa61d036b20e5a24bef43a8d0b9e1927cee09524df3c2df7469cc032eae82d7ac339a1ddc07a5997654c8aa945

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe

Filesize
184KB

MD5
7f8740af6e9e172771b9fe0e30f4234e

SHA1
c5dac63655532965c20e896fcefac221aad7b871

SHA256
012c0218e8a4c38136ce8ba9d91b9d871623ef07472d5f08e8f43e89d1ded7c1

SHA512
4c5fcae016d38ceb151d4082e8e904d4635cdf93370955608576cc48292812192e7041252a285751a66ba51ade7d51a47a21a9451f591e584eb7acb482873eaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe

Filesize
184KB

MD5
d72fd4b8f9aa456841188e1ddf0a7f02

SHA1
20730d9cb574c36864a89401f740b1c9695213e5

SHA256
a402617773c6b457dc635ed3a2073e51529e2351ed2441e78f20ed8d6df565ea

SHA512
d6e841eb858f687166b87da9ded6837cc7ec927de00db0169252c8e2f991c615ccb879c33afe26b89cd44e643987c222ba47e165f059ea648581ed0309344792

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26761.exe

Filesize
184KB

MD5
2f4a962375c8a5394217f813fa92d232

SHA1
d90e8b9e8c577bd728308fda6610e2ec885cefa2

SHA256
8124f301bc999668cd6db0103786183f086840e18c8a3e03ad975ca61e426e8b

SHA512
c0b122445b8b8432e81264253104231195b7332ba64753ee625b88476ebe72fff58e6f461cddca5da67d7ac4c4b75c8287ff053980b405112770d567c7496156

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46627.exe

Filesize
184KB

MD5
85130043720478cd5477d220b1e79454

SHA1
f80fa1d649de242cada27ab06603b08ca2a4d2d3

SHA256
d2c155bb05ca64b37f0dbe2756a62b84fb69fc9aec7fbabf6631f035f5441385

SHA512
deb84267ee13456295619e9167efdc2b8e3f0f122ff1c64d3203f50f3eecd6ec89043bfa17dc2a20851ddf41cb0006b1853ce7df93d7537c352a9562f02a3058

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe

Filesize
184KB

MD5
fd673334acabe617c921dda749a8cc33

SHA1
982de117ef1b9cedb0682485845bfd1ac21cecd0

SHA256
f93f1659ca4bfe58a473eecb8099673340a75d488372922d64c5d2b385e4863b

SHA512
956eda8829a4b2fd58e3d95bba1bc27af110471654d5f043fce1be700d9c399a413756940ede7b9451546d442506d25c39ca3e6a86bc9b15c438c5258827d200

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe

Filesize
184KB

MD5
6776796e626d9a0d9ffb0000f103733e

SHA1
c89adf3f20abd3dfe2fb7dc5a4220049fd559797

SHA256
932d836b91b229af376b3fdff5d73e3645c76999f6f54e586c3b5a3750f1998c

SHA512
10acf2879f5309cc034c6802fab7b0a56796cecb2e5b79d06cbd0e46ff0753fa3bd9e979bfbcafde5589c1e76fe47eba7dd47418fcc8110869b7b1b144f50ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe

Filesize
184KB

MD5
14694f626409410e721340fcfb66d056

SHA1
8260509a5774e92d929f023a86e889c8c59a7f10

SHA256
711ce8c1621d7d0878b6ba833dbd0f0c186e81fd9237dfa721846e9286387f59

SHA512
1bd1876ec777872cdcf6c188829a82bb33173a109f9a8c1bceb47a958bb846c569be906ece613487446c4c91a9178a6d18158d220a54bcafb12210d0eb8e9979

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe

Filesize
184KB

MD5
2f3bf59735a37a0ab952c982f71c42b7

SHA1
7bb993e1cf3991926eb7ae4c8859893849664580

SHA256
1da17af8618a0292c105adf681b3b5c31ce3bf7c7ecd79562164ef415c5540b5

SHA512
f390a82675bab4cb1bbc8c25321eec7bb11d57f0751c194db97e95c8471a41781f7be9abc42f254ae5dbe45658f69a93352a03d3d3c0121bf3f09d320db6a074

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe

Filesize
184KB

MD5
32f0262321c6d012d1d0fd3f37c19643

SHA1
482761763e39e0055ad4930c1055eaf4748dc208

SHA256
935ea4e7a28803b2dfd8d6bf14f498d7bd970ebe1b6aab12969b84d38ac6a902

SHA512
447a6cd5b20b70884568512e50b51d0b438a9b78da829e365e72eb4413e493fcca6d4b8eb1bce6b5b7cf7fe470832f1c65ade9b991ddba03ec37b49dbb5c679f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe

Filesize
184KB

MD5
049bf6d55e85d9f6e600244ebc387692

SHA1
969a81247438e7be556542042485b26401921f10

SHA256
4fb7b9f767e1f7cecadef1e58b2b669b059483284fd06b63ac10afec789ce86f

SHA512
7ae29ec282dc9381e9112477a68ca0284a89ac381272ab75b2c50e71750ce9cfb74b23c53e2e2f19c8ab0e4032cda81e3a2da82fc2b6dad2476e47c11e73b3cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe

Filesize
184KB

MD5
df9d98ddb38513e23daf637216e68001

SHA1
fee08d941ca18e6520484195b292a561f6aba81c

SHA256
e45b8a5393507e40425ba841a9e9dfb4a1787b25f5fca95e770681694be5e9db

SHA512
43135f39109520d88bedbb827e5f868269091ae16f1e21fa1a8be53f3aed65b814c4d15faf6db6c17496588668b639f09615818bf412925813991af27e4be1be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1427.exe

Filesize
184KB

MD5
87e08507e0bad04a7329daef2544a739

SHA1
1a1e67d5795076a62d6083468ffb495062664edf

SHA256
2a3dfb74d6ac582982a654d137ebb85d661bf140533a334dc1b7d30964fae400

SHA512
6b9c57396a7f2e7c2743c2f9829e4527f7333d4f361a78623a37b9c2a70535537ef629f8d4f465938f582ed9a0cea54b1fded28c5770485e27ba17c44bd8a4a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29352.exe

Filesize
184KB

MD5
a16f66739c733bc12b33329d4669cf17

SHA1
c0e5dfcda1b6160e9d5fb5b8f474707b5671983a

SHA256
d5f4800ab199447dc55a49f52a2611e654cefd3b10b545c000067a5f93a8c7ed

SHA512
fb75e7acb65efb42b08ebc87c222282b7622303c6f775315f7d0b9bea07063b30f225007d276fc1caf989ca7199963a056bd10a95362bcff2246fdce87f1eb5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe

Filesize
184KB

MD5
59490e7d8c40efb3de2ee99c0f82b6d0

SHA1
837355b18152a0861cb49aa37f119d6f3eee3f47

SHA256
f5d5df0976d5c6522a43018f27903b2a697939322a99e994d576dd184dc03292

SHA512
d1f61a93d0a6455b003459696e9225f585bef6803c4dd70c3de19df7f6edf68be43f2bc98283c0a69efb6840fd0efa0f3f796450cf19f38012ffc2f59d393d89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe

Filesize
184KB

MD5
5b882164ab4f7b53f2e6b40e0c78c4b6

SHA1
2fe82a1fc0257707e869d0b8431cf097787c3255

SHA256
8b39fac908bb28c84abd889695c54533ddbd08bb6e0f4659af1cef904a3a05c7

SHA512
309baabdd61dfc85f7b7047005e8c453de34359a81e9bdd1c20f3a40f22feb0d19aaccfbea6d8bf7fb5c51034bd7a2f16a7fe3d043cad207460367cc28d836f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe

Filesize
184KB

MD5
9ca245594504f13e4113107233cbe9db

SHA1
37e2bcb5d52821099c3566df9340cd77e217a084

SHA256
b101911282cbdf014d4a417f94db0804393feb5a6d8df42098319da1d0e9aed9

SHA512
fdeb6923070c0d61d22d52543c8e185972f006c0e3c1e6d5dd086f6d433f77e81b7a49c417b7a91bd522dd0d593bbe3f072723799c332e73ec742d6f8f8cf79c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads