6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759

Analysis

max time kernel
130s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
Size

184KB
MD5

f24982bc6d38b6aeb977bfd9c733d36b
SHA1

f3c3ad720d1dc5607e584cfed7d93544a0e3c830
SHA256

6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759
SHA512

0519ff6d94bfc84db3bc8052166e2f3adf5ad1e3fde3356c79b68d6ab41871f29c33cc23756abc364be51613cb30f481badafd106e6de575bc89d62cd6349e66
SSDEEP

1536:p71/6jZAD3L9otx1g0OAlSwMojIy6Zcl9mdmxDLR2VzQt1hl5hj5nizpvd:hw43L9oTS0Ordo8LeBDLRKe1hlnViFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2092	Unicorn-6809.exe
2324	Unicorn-26436.exe
848	Unicorn-54702.exe
2828	Unicorn-24381.exe
3020	Unicorn-35241.exe
2700	Unicorn-51023.exe
1712	Unicorn-53208.exe
2800	Unicorn-18398.exe
2796	Unicorn-29258.exe
1816	Unicorn-10229.exe
2020	Unicorn-21090.exe
1080	Unicorn-11381.exe
2204	Unicorn-22242.exe
2364	Unicorn-3789.exe
2600	Unicorn-3789.exe
2552	Unicorn-14650.exe
2856	Unicorn-61158.exe
2152	Unicorn-26348.exe
2256	Unicorn-54614.exe
2388	Unicorn-18263.exe
2468	Unicorn-59850.exe
1656	Unicorn-40821.exe
1300	Unicorn-32653.exe
1752	Unicorn-43513.exe
2476	Unicorn-28569.exe
3028	Unicorn-39429.exe
2284	Unicorn-59295.exe
2380	Unicorn-31069.exe
808	Unicorn-50935.exe
2080	Unicorn-16125.exe
884	Unicorn-16125.exe
2040	Unicorn-26985.exe
2816	Unicorn-63462.exe
2812	Unicorn-8786.exe
2848	Unicorn-24568.exe
2624	Unicorn-51210.exe
2576	Unicorn-31344.exe
2588	Unicorn-38766.exe
1044	Unicorn-14816.exe
2500	Unicorn-65408.exe
352	Unicorn-9985.exe
2196	Unicorn-40712.exe
1204	Unicorn-36628.exe
1256	Unicorn-16762.exe
2228	Unicorn-63270.exe
2216	Unicorn-59186.exe
632	Unicorn-59186.exe
2860	Unicorn-4510.exe
1704	Unicorn-55102.exe
2872	Unicorn-35236.exe
1632	Unicorn-55102.exe
2776	Unicorn-426.exe
404	Unicorn-48278.exe
1784	Unicorn-59139.exe
1956	Unicorn-44002.exe
752	Unicorn-9191.exe
2232	Unicorn-20052.exe
1592	Unicorn-58392.exe
2832	Unicorn-58392.exe
564	Unicorn-3716.exe
2740	Unicorn-34442.exe
2904	Unicorn-50224.exe
2712	Unicorn-61085.exe
3032	Unicorn-2969.exe

Loads dropped DLL 64 IoCs

pid	Process
1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
2092	Unicorn-6809.exe
1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
2092	Unicorn-6809.exe
1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
2324	Unicorn-26436.exe
2324	Unicorn-26436.exe
2092	Unicorn-6809.exe
2092	Unicorn-6809.exe
848	Unicorn-54702.exe
848	Unicorn-54702.exe
2556	WerFault.exe
2556	WerFault.exe
2556	WerFault.exe
2556	WerFault.exe
2556	WerFault.exe
3020	Unicorn-35241.exe
3020	Unicorn-35241.exe
2828	Unicorn-24381.exe
2828	Unicorn-24381.exe
2324	Unicorn-26436.exe
2324	Unicorn-26436.exe
2700	Unicorn-51023.exe
2700	Unicorn-51023.exe
848	Unicorn-54702.exe
848	Unicorn-54702.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1708	WerFault.exe
1712	Unicorn-53208.exe
1712	Unicorn-53208.exe
3020	Unicorn-35241.exe
3020	Unicorn-35241.exe
2796	Unicorn-29258.exe
2800	Unicorn-18398.exe
2796	Unicorn-29258.exe
2800	Unicorn-18398.exe
2828	Unicorn-24381.exe
2828	Unicorn-24381.exe
2020	Unicorn-21090.exe
2020	Unicorn-21090.exe
1816	Unicorn-10229.exe
1816	Unicorn-10229.exe
2700	Unicorn-51023.exe
2700	Unicorn-51023.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
2488	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2660	1240	WerFault.exe	27
2556	2092	WerFault.exe	28
1708	848	WerFault.exe	30
2240	2324	WerFault.exe	29
1316	3020	WerFault.exe	33
1788	2828	WerFault.exe	32
2488	2700	WerFault.exe	34
2056	1712	WerFault.exe	36
624	2796	WerFault.exe	38
2428	2020	WerFault.exe	40
2320	1816	WerFault.exe	39
1608	2800	WerFault.exe	37
672	1080	WerFault.exe	43
1488	2204	WerFault.exe	44
2176	2600	WerFault.exe	45
2960	2856	WerFault.exe	48
1884	2152	WerFault.exe	49
3008	2256	WerFault.exe	50
1764	2552	WerFault.exe	47
1960	2364	WerFault.exe	46
1900	2388	WerFault.exe	54
1896	2468	WerFault.exe	55
548	1656	WerFault.exe	56
2772	1300	WerFault.exe	57
1284	1752	WerFault.exe	58
772	2284	WerFault.exe	60
864	2040	WerFault.exe	66
2496	2380	WerFault.exe	62
1536	2080	WerFault.exe	64
1792	884	WerFault.exe	65
532	808	WerFault.exe	63
296	3028	WerFault.exe	61
1852	2476	WerFault.exe	59
2424	2288	WerFault.exe	121
3512	2816	WerFault.exe	72
3532	2848	WerFault.exe	74
3524	2812	WerFault.exe	73
3568	2588	WerFault.exe	77
3584	2624	WerFault.exe	75
3616	2500	WerFault.exe	79
3768	2576	WerFault.exe	76
3788	352	WerFault.exe	80
3840	1632	WerFault.exe	90
3932	2740	WerFault.exe	108
3968	2216	WerFault.exe	86
3388	632	WerFault.exe	85
3396	2860	WerFault.exe	87
3496	2776	WerFault.exe	91
3992	1704	WerFault.exe	88
1416	1256	WerFault.exe	82
2200	2228	WerFault.exe	84
3472	2872	WerFault.exe	89
3696	1204	WerFault.exe	83
3360	2196	WerFault.exe	81
3812	564	WerFault.exe	107
4028	2688	WerFault.exe	116
4088	2164	WerFault.exe	115
3108	1848	WerFault.exe	119
3244	900	WerFault.exe	128
3448	2972	WerFault.exe	120
3484	2248	WerFault.exe	130
3780	1724	WerFault.exe	127
3868	1056	WerFault.exe	129
4024	944	WerFault.exe	126

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
2092	Unicorn-6809.exe
2324	Unicorn-26436.exe
848	Unicorn-54702.exe
2828	Unicorn-24381.exe
3020	Unicorn-35241.exe
2700	Unicorn-51023.exe
1712	Unicorn-53208.exe
2796	Unicorn-29258.exe
2800	Unicorn-18398.exe
2020	Unicorn-21090.exe
1816	Unicorn-10229.exe
1080	Unicorn-11381.exe
2204	Unicorn-22242.exe
2600	Unicorn-3789.exe
2364	Unicorn-3789.exe
2552	Unicorn-14650.exe
2256	Unicorn-54614.exe
2856	Unicorn-61158.exe
2152	Unicorn-26348.exe
2388	Unicorn-18263.exe
2468	Unicorn-59850.exe
1656	Unicorn-40821.exe
1300	Unicorn-32653.exe
1752	Unicorn-43513.exe
2476	Unicorn-28569.exe
3028	Unicorn-39429.exe
2284	Unicorn-59295.exe
2380	Unicorn-31069.exe
2080	Unicorn-16125.exe
808	Unicorn-50935.exe
884	Unicorn-16125.exe
2040	Unicorn-26985.exe
2816	Unicorn-63462.exe
2812	Unicorn-8786.exe
2848	Unicorn-24568.exe
2624	Unicorn-51210.exe
2576	Unicorn-31344.exe
2588	Unicorn-38766.exe
1044	Unicorn-14816.exe
2500	Unicorn-65408.exe
352	Unicorn-9985.exe
2196	Unicorn-40712.exe
1204	Unicorn-36628.exe
1256	Unicorn-16762.exe
2228	Unicorn-63270.exe
2216	Unicorn-59186.exe
632	Unicorn-59186.exe
1704	Unicorn-55102.exe
2872	Unicorn-35236.exe
2860	Unicorn-4510.exe
2776	Unicorn-426.exe
1632	Unicorn-55102.exe
1784	Unicorn-59139.exe
404	Unicorn-48278.exe
1956	Unicorn-44002.exe
2232	Unicorn-20052.exe
752	Unicorn-9191.exe
1592	Unicorn-58392.exe
564	Unicorn-3716.exe
2832	Unicorn-58392.exe
2740	Unicorn-34442.exe
2904	Unicorn-50224.exe
2712	Unicorn-61085.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1240 wrote to memory of 2092	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	28
PID 1240 wrote to memory of 2092	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	28
PID 1240 wrote to memory of 2092	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	28
PID 1240 wrote to memory of 2092	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	28
PID 2092 wrote to memory of 2324	2092	Unicorn-6809.exe	29
PID 2092 wrote to memory of 2324	2092	Unicorn-6809.exe	29
PID 2092 wrote to memory of 2324	2092	Unicorn-6809.exe	29
PID 2092 wrote to memory of 2324	2092	Unicorn-6809.exe	29
PID 1240 wrote to memory of 848	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	30
PID 1240 wrote to memory of 848	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	30
PID 1240 wrote to memory of 848	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	30
PID 1240 wrote to memory of 848	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	30
PID 1240 wrote to memory of 2660	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	31
PID 1240 wrote to memory of 2660	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	31
PID 1240 wrote to memory of 2660	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	31
PID 1240 wrote to memory of 2660	1240	6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe	31
PID 2324 wrote to memory of 2828	2324	Unicorn-26436.exe	32
PID 2324 wrote to memory of 2828	2324	Unicorn-26436.exe	32
PID 2324 wrote to memory of 2828	2324	Unicorn-26436.exe	32
PID 2324 wrote to memory of 2828	2324	Unicorn-26436.exe	32
PID 2092 wrote to memory of 3020	2092	Unicorn-6809.exe	33
PID 2092 wrote to memory of 3020	2092	Unicorn-6809.exe	33
PID 2092 wrote to memory of 3020	2092	Unicorn-6809.exe	33
PID 2092 wrote to memory of 3020	2092	Unicorn-6809.exe	33
PID 848 wrote to memory of 2700	848	Unicorn-54702.exe	34
PID 848 wrote to memory of 2700	848	Unicorn-54702.exe	34
PID 848 wrote to memory of 2700	848	Unicorn-54702.exe	34
PID 848 wrote to memory of 2700	848	Unicorn-54702.exe	34
PID 2092 wrote to memory of 2556	2092	Unicorn-6809.exe	35
PID 2092 wrote to memory of 2556	2092	Unicorn-6809.exe	35
PID 2092 wrote to memory of 2556	2092	Unicorn-6809.exe	35
PID 2092 wrote to memory of 2556	2092	Unicorn-6809.exe	35
PID 3020 wrote to memory of 1712	3020	Unicorn-35241.exe	36
PID 3020 wrote to memory of 1712	3020	Unicorn-35241.exe	36
PID 3020 wrote to memory of 1712	3020	Unicorn-35241.exe	36
PID 3020 wrote to memory of 1712	3020	Unicorn-35241.exe	36
PID 2828 wrote to memory of 2800	2828	Unicorn-24381.exe	37
PID 2828 wrote to memory of 2800	2828	Unicorn-24381.exe	37
PID 2828 wrote to memory of 2800	2828	Unicorn-24381.exe	37
PID 2828 wrote to memory of 2800	2828	Unicorn-24381.exe	37
PID 2324 wrote to memory of 2796	2324	Unicorn-26436.exe	38
PID 2324 wrote to memory of 2796	2324	Unicorn-26436.exe	38
PID 2324 wrote to memory of 2796	2324	Unicorn-26436.exe	38
PID 2324 wrote to memory of 2796	2324	Unicorn-26436.exe	38
PID 2700 wrote to memory of 1816	2700	Unicorn-51023.exe	39
PID 2700 wrote to memory of 1816	2700	Unicorn-51023.exe	39
PID 2700 wrote to memory of 1816	2700	Unicorn-51023.exe	39
PID 2700 wrote to memory of 1816	2700	Unicorn-51023.exe	39
PID 848 wrote to memory of 2020	848	Unicorn-54702.exe	40
PID 848 wrote to memory of 2020	848	Unicorn-54702.exe	40
PID 848 wrote to memory of 2020	848	Unicorn-54702.exe	40
PID 848 wrote to memory of 2020	848	Unicorn-54702.exe	40
PID 2324 wrote to memory of 2240	2324	Unicorn-26436.exe	41
PID 2324 wrote to memory of 2240	2324	Unicorn-26436.exe	41
PID 2324 wrote to memory of 2240	2324	Unicorn-26436.exe	41
PID 2324 wrote to memory of 2240	2324	Unicorn-26436.exe	41
PID 848 wrote to memory of 1708	848	Unicorn-54702.exe	42
PID 848 wrote to memory of 1708	848	Unicorn-54702.exe	42
PID 848 wrote to memory of 1708	848	Unicorn-54702.exe	42
PID 848 wrote to memory of 1708	848	Unicorn-54702.exe	42
PID 1712 wrote to memory of 1080	1712	Unicorn-53208.exe	43
PID 1712 wrote to memory of 1080	1712	Unicorn-53208.exe	43
PID 1712 wrote to memory of 1080	1712	Unicorn-53208.exe	43
PID 1712 wrote to memory of 1080	1712	Unicorn-53208.exe	43

C:\Users\Admin\AppData\Local\Temp\6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe
"C:\Users\Admin\AppData\Local\Temp\6a22c229f03618ec22f47168a1d43e970ae00db8a7170dde6e2ddb3091a7c759.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        12⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        13⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        14⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
        15⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 236
        15⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        14⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 236
        13⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
        12⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        11⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
        10⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        11⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        12⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
        13⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        14⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 236
        14⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        13⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        11⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
        10⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20152.exe
        11⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        12⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49179.exe
        13⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        14⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 236
        14⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        13⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        12⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
        10⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
        9⤵
        Program crash
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        11⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        12⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        13⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
        14⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        12⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        9⤵
        Program crash
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        8⤵
        Program crash
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        9⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        10⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6480.exe
        11⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        12⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        13⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10134.exe
        14⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
        14⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        13⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        12⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 216
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58859.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63849.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19387.exe
        11⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        12⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 216
        13⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
        11⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20254.exe
        12⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        12⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        11⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 236
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        8⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        7⤵
        Program crash
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        8⤵
        Program crash
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56960.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        11⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        12⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        13⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 216
        13⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        12⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
        11⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32020.exe
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22765.exe
        10⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        11⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        12⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
        12⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        11⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220
        8⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        7⤵
        Program crash
        
        PID:1284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
        6⤵
        Program crash
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        11⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
        12⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        13⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        14⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 236
        14⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        13⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        11⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        11⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        12⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33269.exe
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 240
        13⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        12⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        10⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        9⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4147.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9277.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        11⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41328.exe
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
        12⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36388.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
        10⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 376
        11⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60805.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18733.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        10⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        11⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
        12⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 216
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        10⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        8⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        7⤵
        Program crash
        
        PID:772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        6⤵
        Program crash
        
        PID:1764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        8⤵
        Executes dropped EXE
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        10⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        11⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
        12⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        13⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        14⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
        14⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 236
        13⤵
        
        PID:11376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        11⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29118.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25064.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        12⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 236
        13⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        11⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        10⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 224
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        8⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13830.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        11⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
        12⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
        13⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
        13⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        11⤵
        
        PID:9284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60289.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        11⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        12⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
        12⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
        11⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        8⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        7⤵
        Program crash
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54303.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        10⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        11⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        12⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 236
        11⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
        8⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        10⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
        11⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        12⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        10⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        9⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        8⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        7⤵
        Program crash
        
        PID:1416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        6⤵
        Program crash
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8999.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49752.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24431.exe
        11⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        12⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
        12⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        8⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62087.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
        9⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        10⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        11⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        12⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        10⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        9⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
        8⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
        7⤵
        Program crash
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19218.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
        12⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
        11⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        10⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
        8⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        7⤵
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 220
        8⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 220
        7⤵
        
        PID:5940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        6⤵
        Program crash
        
        PID:296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        5⤵
        Program crash
        
        PID:624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48278.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
        10⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        11⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        12⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        13⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49548.exe
        14⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 216
        14⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        13⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        12⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47461.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48795.exe
        12⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        13⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 236
        13⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 220
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35964.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        10⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        11⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        12⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        13⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        12⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        9⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        8⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33935.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46026.exe
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
        12⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
        13⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        13⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 236
        12⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        10⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51187.exe
        11⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        12⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        11⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        8⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        7⤵
        Program crash
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20404.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        11⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        12⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
        13⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10784 -s 236
        13⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 236
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 236
        11⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        10⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
        11⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        12⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
        12⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 236
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
        11⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
        12⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 236
        12⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        8⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        7⤵
        Program crash
        
        PID:3524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        6⤵
        Program crash
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34986.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49262.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
        12⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55962.exe
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
        13⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        12⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        10⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        11⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58868.exe
        12⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
        12⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
        8⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        7⤵
        Program crash
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64692.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        10⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        11⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47410.exe
        12⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
        12⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        11⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6368.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60608.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49407.exe
        9⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
        10⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        11⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 216
        11⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        10⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        9⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        8⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 220
        7⤵
        
        PID:4448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        6⤵
        Program crash
        
        PID:1896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
        5⤵
        Program crash
        
        PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        8⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        11⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        12⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 236
        12⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
        11⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        7⤵
        Program crash
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30235.exe
        7⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59381.exe
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7243.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63616.exe
        11⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
        12⤵
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        10⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
        8⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        6⤵
        Program crash
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52793.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        11⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        12⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
        12⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        10⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        10⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
        11⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
        11⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
        10⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        9⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        8⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28651.exe
        6⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37308.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47129.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64612.exe
        9⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22776.exe
        10⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        11⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        11⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
        10⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        9⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        8⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
        7⤵
        
        PID:5132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        6⤵
        Program crash
        
        PID:3768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        5⤵
        Program crash
        
        PID:1488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1316
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        11⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53772.exe
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 236
        13⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 236
        12⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 236
        11⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
        9⤵
        Program crash
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        8⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        11⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        12⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        13⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        9⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        Program crash
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        Program crash
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49067.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        10⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
        11⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
        12⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        13⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        11⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
        9⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2009.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51205.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9194.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
        10⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        11⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
        12⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
        11⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        10⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        8⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        7⤵
        Program crash
        
        PID:3496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        6⤵
        Program crash
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1293.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39101.exe
        10⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        11⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26798.exe
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
        12⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        11⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15801.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        10⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        11⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        11⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        10⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        9⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        8⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        7⤵
        Program crash
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        6⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
        7⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        9⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        10⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        11⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        11⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        10⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        9⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
        8⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        7⤵
        
        PID:3948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        6⤵
        Program crash
        
        PID:864
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        5⤵
        Program crash
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
        7⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
        11⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 236
        12⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        11⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
        9⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
        8⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18341.exe
        8⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28095.exe
        11⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        12⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 236
        11⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        10⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        9⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        8⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        7⤵
        Program crash
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8677.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60040.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60476.exe
        10⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
        11⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        10⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        9⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        8⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        7⤵
        Program crash
        
        PID:3484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        6⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57570.exe
        10⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
        11⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59055.exe
        12⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        11⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        10⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        9⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        8⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        7⤵
        Program crash
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6093.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8802.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        9⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        10⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 236
        10⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        9⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        8⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 216
        7⤵
        
        PID:5656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        6⤵
        Program crash
        
        PID:3472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        5⤵
        Program crash
        
        PID:3008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61158.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25959.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64033.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52106.exe
        12⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        12⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43980.exe
        13⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        12⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 220
        11⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 236
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        9⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33694.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
        11⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
        12⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
        12⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        11⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        9⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        7⤵
        Program crash
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        8⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1192.exe
        9⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        11⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        9⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 220
        8⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        7⤵
        
        PID:3412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 220
        6⤵
        Program crash
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
        10⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        11⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        12⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 236
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        10⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        9⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
        7⤵
        Program crash
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        6⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        8⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        9⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        10⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40908.exe
        11⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
        10⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        9⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        8⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        7⤵
        
        PID:5988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        6⤵
        Program crash
        
        PID:3396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        5⤵
        Program crash
        
        PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        6⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10172.exe
        8⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        10⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        11⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1302.exe
        12⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        9⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        8⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        7⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        6⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20095.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
        9⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
        10⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        11⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 236
        10⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        9⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        8⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        7⤵
        
        PID:5980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
        6⤵
        Program crash
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        5⤵
        
        PID:2288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        6⤵
        Program crash
        
        PID:2424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        5⤵
        Program crash
        
        PID:2496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
      4⤵
      Program crash
      PID:2428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1708
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
  2⤵
  - Program crash
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10229.exe

Filesize
184KB

MD5
f04351fce2192479e13af24843d705ea

SHA1
d6e97135774adba24050431dbf16b2b8fe3f0634

SHA256
33652a30f9d860d78b2440347e9c6346b50f40050eed5ea1c3fa1d5db8a700c7

SHA512
9a93b9a60b04fe581221a5ceaa7a4adff34d154f3914d6d1f653f23580bf915a5cb5f76ee96c9fee8ba3473263fbc23459a070c3fb51ea81b83bd9dbaf641957

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe

Filesize
184KB

MD5
ba954a2fb859f58fcb59023f0b3bee9a

SHA1
581b6d9d6cee73c6eecc4a95e902501a7734c113

SHA256
03d2a1d2954d19df0ac9c1e876e88bfc2168ab4918cd1082559002e4acc3545e

SHA512
e9ff53eab131cfbcbd06ef68e72bfc64624cce3ebbe58f0dcabc78d4685132e2faa21513aee0d28f96a1460d496f835aadf31193e88e4977e6cab548916957a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe

Filesize
184KB

MD5
0eb0a9ac56b113ef04467e81c8d87138

SHA1
7f895c88031f5d86ff0d467f87ae8c16b22a8ec4

SHA256
ba8a672842de28e8130349d49463d5b67f5354717bf40dab43351c6ba7f17150

SHA512
4bb80807345e825219acda88ca09ca6ec0ab956da5790b9805d4ba72c8910c05ba539295143341587137735f649a56336424784d07323ea83263b43d4340462c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe

Filesize
184KB

MD5
9fc0df53561dac8a48d7df05e65068fa

SHA1
1ed9bb93d3cacbaf07b445580dba9df11cbbb214

SHA256
7645ffd37709bdd2eb649ae645ddf4c6b784168db12a9cf58063fab1ae832e8c

SHA512
653bbc27632cea307611ef850c5b019ed6d8abd59ec21b171a32a1be51dff24b44e6d248291b782226306c90d202da1f7a7ef1186dea59d3932a32e511724fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe

Filesize
184KB

MD5
8d58636f40e44f7b30d5dd4cfa974fa6

SHA1
3b771220e6d93647d25e28b52f3dcfebb1a640b7

SHA256
6f45a54cb8238a693e166ff7db6e3d80e1753f33e9291b2e366e68d608fe71e6

SHA512
794be8c2816c0ccea8cdd8f55547b2504f5f1133517151cebf60d6858f652869a0b873e0bcbfb020e3204db1d225783ecbafd437947fc540ce1671e35670f3c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe

Filesize
184KB

MD5
873445612681c9c7f726d9bc5bfad2ab

SHA1
a9010692bc379221eba0eaba25808c510acfaa28

SHA256
04000e16a0564dd97f645c3fe68af2e1b97637ed79525454c6f58cfd7146b3fc

SHA512
b7cc58e674c49483be93e825b78e59795d540ed37b6bae768c95993dcccf1fcd9c8e8ed212cfae13c613835f960444ef418c77800f78697ed4117f506182abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe

Filesize
184KB

MD5
f73c4b1de88d0f24e1e26512954a98dd

SHA1
9f4c24d0d159a224fa693edd9b3c685c75b5e5bd

SHA256
378691a6665b1c49acb7ba6714ba011321d12ce04c1684b31fd1b064bff50998

SHA512
a77444ed4e7b8310640c0009498dde12f8ad3da35e43fc99c5b2b75b42e5fde86de7fc18dca6d602e3f453d6ea88812478af7d6f444b1e9bdc002d4dc7e9f80c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe

Filesize
184KB

MD5
6e1f5c3c50139a0350c6bab44701d3bf

SHA1
11eedfa4e2365bd6c77d904784b9296254713748

SHA256
6d01a2340503c386b6d9f819b6eece1c6835c3d667f141c974c49688149e28d9

SHA512
8f3a9bd6949227f8585d31468ad0f8e336cb4a4840df74e68af137bbac2307f3340fa51ef341b6cd60c586d0905fb4822e8c9d456f069ffcfda7c5fdad13afb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35241.exe

Filesize
184KB

MD5
5060f248001b3fcf1665e3b9f145d2d7

SHA1
5431b5c26a1e90fc6f1256ce42a7d6b992c5c44a

SHA256
c5b5bc18682b8694026f9b683345ae5624388e848b546055da24065111c2f893

SHA512
2efec28210e546bc99c2223335c95ab0d5c5adbdc719a75adff9e591e21fb808969ad99ba72af5d5b40f86e12e460edf6d463627eff0acaf33b7b5aa7ccb1648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe

Filesize
184KB

MD5
ed92104775fb4517d80be0ff876402bc

SHA1
7bbd55602379d1bf67f8ce68d3d6573ae9b54688

SHA256
4397906381117d749ce98738ccf02ca3bd04a71b5f9e42761bd61a3cb13ce7ce

SHA512
5a61c4fc099d52ff29b0bcd98191709f199ed4266017e94481f55f50ed6e1ccb794a14ab735455a2cfec55b26ef1a6990db5e985c8382681180b33430a92b2c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe

Filesize
184KB

MD5
9bd489bfe66d850b12549af68a84dfe2

SHA1
1b45d7927cbd13008a50d783a6a2b9d2d821c469

SHA256
d00d541d99019e93fc6c26abbc522dbb0f6237f76120cda0bb557dafad20cebf

SHA512
8a73bb97482cbf75a7d34ce84b73c7c7feaf77c9653c9cb17996b32f2580917f3f8e24d1dd98e2ed3df101a1f5a4aeb6cbf9731273f7caf6f6be1d023934e764

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe

Filesize
184KB

MD5
002898b772fbfe551393ae13750a7431

SHA1
c12ed05ed018b5f1d21742505767f7a739b68537

SHA256
c846c8311e81251035db79fe6660cdd7229a1da8070ae017e9b9b918e623ec43

SHA512
9cdc0b174539fd12c2bcb929799d884165aa81bd03ad30f91fd1bdd712c644520afe6782e5c61d3f5f354ce344f6b7032041ef5d857b8b3484fd17160a21451a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe

Filesize
184KB

MD5
d819c3fda63720093ec71866bba57798

SHA1
ee16a589c5c9926894c4d56651f16e9be2d34330

SHA256
89f35c746eec355df78af4e189dabf70c657d19c2aa44c68b1d0198c90f2e554

SHA512
0d0a6a1d06b6ed02df76fd9e737db56cc00cceac9492981786909d7749ff023d7d37e6d7fc6764dbab443b359aebb2f84d74afc4a80cc6c7bd09c14a7e338c08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe

Filesize
184KB

MD5
244f9e8cb2af4b044c079788076779a9

SHA1
a507ed3e6ccf8efe5ecbb9b88b9e6eee18c4c1ba

SHA256
af0528f11848cbea1d987287824a5e34def2551d758e1da1af4c7aaedca64fc2

SHA512
c9b892c4298575ed4fb2a094c29639a7d72d6b55d0f450292646d8d80cddd2d8d7e6eff1c7ba6b3a0e618f1b8a6772deecc077b0610a8e0e8ece7ac01551d458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe

Filesize
184KB

MD5
ebf353209b80d1054cf318e1fedad2b3

SHA1
6fb4395a5ab9bfe8413825e06684c5cb5dadd7c7

SHA256
6bb43ac53abf451636d2f620f0af0f40f30eebf3df33de516950937d061e9f3c

SHA512
6f9c20cd74595aa84899f55c63a2cfd40a84c4ec83a4c9746a97763e79a40f7c8de1ef76f88b51d600b2deba83e724274987a120844a16122dc81bcadbc7ff20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe

Filesize
184KB

MD5
5a9f11042b1bccff7fbd065119b9d9a4

SHA1
ba5a4b9a6a83f745cc61863bea0145c46d28dd88

SHA256
dabdf2544fc3df284f96f5720f859a465b80f82f3783d5951344db0f27c8c884

SHA512
f442ab5ce14a0860e2f1c82518927f31040b71550d1425185e16f19dd7e13550bb593dd206e036ac651cfd90aab58f6de45112649bfcf5206004e5ad0c6b215a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe

Filesize
184KB

MD5
29717f4b4781d199055761b1bf932d2e

SHA1
2559bd61a5e767a03c91782322c4fd696ec3b917

SHA256
e3ecf13fbb0e6a9953fbee4a48f998df25f66988e4f3bcd7ff4f4d3b989b1354

SHA512
92b2d2b5cfdfdfdc6b223a5763092d33aa76ac110ca21c433bae19ef305c9fd8d216eed730457a42b3274f82626781441ca38dc5104ea4934b47eb28fc9df1f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe

Filesize
184KB

MD5
88980f6a0faa9a70b18047a9e212c019

SHA1
d3067c052141fd308afe2498a9d131c6a0555309

SHA256
ddc95a0a4720a24359caffe6f1aa8b1e36e5277afb5008c08a73ac3c483ee3c5

SHA512
c2b7e24f0ec8b3ed63b7e07521c3a22eb487a43f7381366ed33ce9e7e701409681344e5b7fe60daba470dc0772bb117cebaa88a37dc5335a4da27f56472992ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe

Filesize
184KB

MD5
00ea9868f0f0f0755e507e88864f9b92

SHA1
ac7695ccfa61002aefde236d1635660ad5067b8d

SHA256
f143f95111452eb13dc6dadffd758bc504bdddc252cc125b57017827c74b34cf

SHA512
262990e5cb8a4b3fc2ed68d6b6f82e7a984bdbe168f9a81bbf71c4381273f3b3b8af3bba6255d1a754be9226578eecef997ea8e876aafe00f10cfb349fb857c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26436.exe

Filesize
184KB

MD5
a72ee2dd3dfd2705a43203ad6c9c217e

SHA1
28b26df0763af3356c1e85e668a4043f46665804

SHA256
221cada93013866660239fb6a650299cd87cccd8b9db9c8f80a39203eef10d01

SHA512
9deeb89c3b9a803d48083822cfb613294d9891a8e60540ba17e5f9691654a6e93fd715d75016a23f76d2ed8558257e0578b3ec68b7c6b570438ec84c008ca46d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3789.exe

Filesize
184KB

MD5
72a512655f34b92e9ad12d9bf5200518

SHA1
3301244e443e18947062cd7eda3d50455acccef4

SHA256
56634d98c535c2195e5f5f7a8a45259a577fe9e920f65d740c227219e47a33ae

SHA512
975858644e0a434f463e90d5ffaee1e922748d9b328a86b57be314b8bb3da09fdc8235e5fa2dcb0c34f31fe81360463bad18d08faefab657a1ff229a840f4912

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe

Filesize
184KB

MD5
9bcb5f074242b130bf334625b1afa92a

SHA1
02fd056759c52110068985a8768ced9d06f5e85d

SHA256
9e54250e7590c76249959222cb7c343d51df4c47972f9fa0509c9bbb438b0437

SHA512
d24ad76e00f77dfd049036e863a3a792b9b3c6a9664e3887267aec7fd3ea99e620ad0c124ca57c7c89e34eea27503362adfb6b71dd8e18bd3da0f894c475a624

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe

Filesize
184KB

MD5
554afd35da5ddbff197a6b296396f189

SHA1
473896a944c2e91ddf802620404cb50eb0fe75d9

SHA256
271f2fd69ded5b59c3c50f436e253fc377b1aa3cfd766c692a50b97caa25b195

SHA512
6b62c18fcf604ce9aade08b491de40fd67ea113ddbc15ce4b609df4ed9573c0604639c478300774532ee0528e3f074b2f6094e26493d54e8b846e6fecfc88413

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe

Filesize
184KB

MD5
568c67337e101fedbfd22fee6c63a650

SHA1
8679eff059b2025e1495c71c12e5d4f62216089d

SHA256
f8bbdb055def9b5f2dff15203e5f6a2baaf1adcb85ee76aba2c1e6f2d150ee00

SHA512
12944f41abf78107c78df20a6410b3df0b57b00a28ed8db192f1d554b7b435a6b131a7c9371f2ff46216e0e440756b0f66632d339f21d6a9691a834bb6cf6d1c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads