55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
Size

184KB
MD5

1567f171ecff42e72c9bd776e44fb73a
SHA1

88f05f7ccd1603c9ae27a35d27d3e1cf3171d87b
SHA256

55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a
SHA512

598bc4edf5c9b9dde23a533ad26f25a6c55e4e16d7274f42925b26d56c6ecc44fe69f36cb8753c34ee663ed4ef9424ec49d2357432cca3bf0415d62c02397085
SSDEEP

3072:1ZInZ8ofGRSudjUW2iwLbtGjhlnViFIn3:1ZNo9qjUdLpGjhlnViFI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-57127.exeUnicorn-36790.exeUnicorn-51735.exeUnicorn-21414.exeUnicorn-25498.exeUnicorn-5632.exeUnicorn-64439.exeUnicorn-33713.exeUnicorn-48658.exeUnicorn-2986.exeUnicorn-17931.exeUnicorn-45171.exeUnicorn-308.exeUnicorn-57677.exeUnicorn-12005.exeUnicorn-42732.exeUnicorn-46816.exeUnicorn-16090.exeUnicorn-62830.exeUnicorn-17242.exeUnicorn-19934.exeUnicorn-23272.exeUnicorn-15103.exeUnicorn-2851.exeUnicorn-52607.exeUnicorn-6935.exeUnicorn-41746.exeUnicorn-40354.exeUnicorn-29494.exeUnicorn-40354.exeUnicorn-44439.exeUnicorn-54273.exeUnicorn-3681.exeUnicorn-46105.exeUnicorn-60303.exeUnicorn-9711.exeUnicorn-21409.exeUnicorn-5627.exeUnicorn-43967.exeUnicorn-58912.exeUnicorn-28185.exeUnicorn-45913.exeUnicorn-15186.exeUnicorn-15186.exeUnicorn-49997.exeUnicorn-17687.exeUnicorn-17687.exeUnicorn-41637.exeUnicorn-60111.exeUnicorn-29385.exeUnicorn-9519.exeUnicorn-51341.exeUnicorn-49758.exeUnicorn-38897.exeUnicorn-61455.exeUnicorn-10863.exeUnicorn-22561.exeUnicorn-6779.exeUnicorn-18477.exeUnicorn-19354.exeUnicorn-55233.exeUnicorn-39451.exeUnicorn-9794.exeUnicorn-29660.exe

pid	process
1708	Unicorn-57127.exe
2848	Unicorn-36790.exe
2680	Unicorn-51735.exe
2836	Unicorn-21414.exe
2576	Unicorn-25498.exe
2740	Unicorn-5632.exe
1792	Unicorn-64439.exe
2624	Unicorn-33713.exe
2636	Unicorn-48658.exe
2980	Unicorn-2986.exe
1048	Unicorn-17931.exe
1652	Unicorn-45171.exe
2100	Unicorn-308.exe
2092	Unicorn-57677.exe
2312	Unicorn-12005.exe
2180	Unicorn-42732.exe
1976	Unicorn-46816.exe
484	Unicorn-16090.exe
1268	Unicorn-62830.exe
356	Unicorn-17242.exe
2956	Unicorn-19934.exe
1872	Unicorn-23272.exe
1100	Unicorn-15103.exe
1656	Unicorn-2851.exe
936	Unicorn-52607.exe
1904	Unicorn-6935.exe
852	Unicorn-41746.exe
1932	Unicorn-40354.exe
3036	Unicorn-29494.exe
2320	Unicorn-40354.exe
1876	Unicorn-44439.exe
2732	Unicorn-54273.exe
2676	Unicorn-3681.exe
2572	Unicorn-46105.exe
2584	Unicorn-60303.exe
2592	Unicorn-9711.exe
2568	Unicorn-21409.exe
3008	Unicorn-5627.exe
2804	Unicorn-43967.exe
304	Unicorn-58912.exe
2024	Unicorn-28185.exe
1332	Unicorn-45913.exe
2016	Unicorn-15186.exe
2012	Unicorn-15186.exe
1812	Unicorn-49997.exe
1444	Unicorn-17687.exe
804	Unicorn-17687.exe
2604	Unicorn-41637.exe
1696	Unicorn-60111.exe
2076	Unicorn-29385.exe
1336	Unicorn-9519.exe
1168	Unicorn-51341.exe
2192	Unicorn-49758.exe
872	Unicorn-38897.exe
3060	Unicorn-61455.exe
2040	Unicorn-10863.exe
848	Unicorn-22561.exe
2472	Unicorn-6779.exe
1784	Unicorn-18477.exe
2764	Unicorn-19354.exe
2272	Unicorn-55233.exe
2708	Unicorn-39451.exe
380	Unicorn-9794.exe
2552	Unicorn-29660.exe

Loads dropped DLL 64 IoCs

Processes:

55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exeUnicorn-57127.exeUnicorn-51735.exeUnicorn-36790.exeWerFault.exeUnicorn-5632.exeUnicorn-21414.exeUnicorn-25498.exeWerFault.exeWerFault.exeUnicorn-64439.exeUnicorn-48658.exeUnicorn-33713.exeUnicorn-17931.exeUnicorn-2986.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
1708	Unicorn-57127.exe
1708	Unicorn-57127.exe
1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
2680	Unicorn-51735.exe
2680	Unicorn-51735.exe
1708	Unicorn-57127.exe
2848	Unicorn-36790.exe
1708	Unicorn-57127.exe
2848	Unicorn-36790.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
2740	Unicorn-5632.exe
2836	Unicorn-21414.exe
2740	Unicorn-5632.exe
2836	Unicorn-21414.exe
2680	Unicorn-51735.exe
2680	Unicorn-51735.exe
2576	Unicorn-25498.exe
2576	Unicorn-25498.exe
2848	Unicorn-36790.exe
2848	Unicorn-36790.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
2596	WerFault.exe
1808	WerFault.exe
2596	WerFault.exe
1792	Unicorn-64439.exe
1792	Unicorn-64439.exe
2740	Unicorn-5632.exe
2740	Unicorn-5632.exe
2636	Unicorn-48658.exe
2636	Unicorn-48658.exe
2836	Unicorn-21414.exe
2836	Unicorn-21414.exe
2624	Unicorn-33713.exe
1048	Unicorn-17931.exe
2624	Unicorn-33713.exe
1048	Unicorn-17931.exe
2980	Unicorn-2986.exe
2980	Unicorn-2986.exe
2576	Unicorn-25498.exe
2576	Unicorn-25498.exe
1920	WerFault.exe
556	WerFault.exe
556	WerFault.exe
1920	WerFault.exe
556	WerFault.exe
1920	WerFault.exe
556	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
556	WerFault.exe
408	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2688	1340	WerFault.exe	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
3012	1708	WerFault.exe	Unicorn-57127.exe
1808	2680	WerFault.exe	Unicorn-51735.exe
2596	2848	WerFault.exe	Unicorn-36790.exe
1920	2740	WerFault.exe	Unicorn-5632.exe
556	2836	WerFault.exe	Unicorn-21414.exe
408	2576	WerFault.exe	Unicorn-25498.exe
1740	1792	WerFault.exe	Unicorn-64439.exe
3064	2624	WerFault.exe	Unicorn-33713.exe
2096	2636	WerFault.exe	Unicorn-48658.exe
1892	1048	WerFault.exe	Unicorn-17931.exe
2996	2980	WerFault.exe	Unicorn-2986.exe
332	1652	WerFault.exe	Unicorn-45171.exe
1512	2100	WerFault.exe	Unicorn-308.exe
1560	2092	WerFault.exe	Unicorn-57677.exe
1632	484	WerFault.exe	Unicorn-16090.exe
1856	2180	WerFault.exe	Unicorn-42732.exe
948	1976	WerFault.exe	Unicorn-46816.exe
1644	2312	WerFault.exe	Unicorn-12005.exe
2124	1268	WerFault.exe	Unicorn-62830.exe
1356	356	WerFault.exe	Unicorn-17242.exe
1556	2956	WerFault.exe	Unicorn-19934.exe
908	1872	WerFault.exe	Unicorn-23272.exe
2232	1100	WerFault.exe	Unicorn-15103.exe
876	1656	WerFault.exe	Unicorn-2851.exe
2748	936	WerFault.exe	Unicorn-52607.exe
2872	1932	WerFault.exe	Unicorn-40354.exe
2920	852	WerFault.exe	Unicorn-41746.exe
2788	1904	WerFault.exe	Unicorn-6935.exe
2364	2320	WerFault.exe	Unicorn-40354.exe
1988	3036	WerFault.exe	Unicorn-29494.exe
2796	1876	WerFault.exe	Unicorn-44439.exe
3240	2732	WerFault.exe	Unicorn-54273.exe
3248	2676	WerFault.exe	Unicorn-3681.exe
3288	2592	WerFault.exe	Unicorn-9711.exe
3304	2804	WerFault.exe	Unicorn-43967.exe
3328	3008	WerFault.exe	Unicorn-5627.exe
3352	2024	WerFault.exe	Unicorn-28185.exe
3420	1332	WerFault.exe	Unicorn-45913.exe
3428	1696	WerFault.exe	Unicorn-60111.exe
3436	804	WerFault.exe	Unicorn-17687.exe
3540	2604	WerFault.exe	Unicorn-41637.exe
3552	1444	WerFault.exe	Unicorn-17687.exe
4052	2012	WerFault.exe	Unicorn-15186.exe
3120	1336	WerFault.exe	Unicorn-9519.exe
3140	2572	WerFault.exe	Unicorn-46105.exe
3520	1000	WerFault.exe	Unicorn-41335.exe
3532	2076	WerFault.exe	Unicorn-29385.exe
3592	2584	WerFault.exe	Unicorn-60303.exe
3976	2016	WerFault.exe	Unicorn-15186.exe
4012	872	WerFault.exe	Unicorn-38897.exe
4016	1168	WerFault.exe	Unicorn-51341.exe
3212	304	WerFault.exe	Unicorn-58912.exe
3388	2568	WerFault.exe	Unicorn-21409.exe
3880	1812	WerFault.exe	Unicorn-49997.exe
3160	2272	WerFault.exe	Unicorn-55233.exe
3236	1448	WerFault.exe	Unicorn-2010.exe
3468	3020	WerFault.exe	Unicorn-11761.exe
3504	2336	WerFault.exe	Unicorn-49265.exe
3812	3060	WerFault.exe	Unicorn-61455.exe
3876	2952	WerFault.exe	Unicorn-28652.exe
3832	2188	WerFault.exe	Unicorn-16339.exe
3908	284	WerFault.exe	Unicorn-42488.exe
3132	620	WerFault.exe	Unicorn-42488.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exeUnicorn-57127.exeUnicorn-51735.exeUnicorn-36790.exeUnicorn-21414.exeUnicorn-5632.exeUnicorn-25498.exeUnicorn-64439.exeUnicorn-48658.exeUnicorn-2986.exeUnicorn-33713.exeUnicorn-17931.exeUnicorn-45171.exeUnicorn-308.exeUnicorn-12005.exeUnicorn-57677.exeUnicorn-46816.exeUnicorn-16090.exeUnicorn-42732.exeUnicorn-62830.exeUnicorn-17242.exeUnicorn-19934.exeUnicorn-23272.exeUnicorn-15103.exeUnicorn-2851.exeUnicorn-52607.exeUnicorn-41746.exeUnicorn-6935.exeUnicorn-40354.exeUnicorn-29494.exeUnicorn-40354.exeUnicorn-44439.exeUnicorn-54273.exeUnicorn-3681.exeUnicorn-46105.exeUnicorn-60303.exeUnicorn-9711.exeUnicorn-21409.exeUnicorn-5627.exeUnicorn-58912.exeUnicorn-43967.exeUnicorn-28185.exeUnicorn-45913.exeUnicorn-15186.exeUnicorn-49997.exeUnicorn-15186.exeUnicorn-17687.exeUnicorn-17687.exeUnicorn-29385.exeUnicorn-60111.exeUnicorn-41637.exeUnicorn-9519.exeUnicorn-51341.exeUnicorn-49758.exeUnicorn-38897.exeUnicorn-10863.exeUnicorn-61455.exeUnicorn-22561.exeUnicorn-6779.exeUnicorn-18477.exeUnicorn-19354.exeUnicorn-55233.exeUnicorn-39451.exeUnicorn-9794.exe

pid	process
1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
1708	Unicorn-57127.exe
2680	Unicorn-51735.exe
2848	Unicorn-36790.exe
2836	Unicorn-21414.exe
2740	Unicorn-5632.exe
2576	Unicorn-25498.exe
1792	Unicorn-64439.exe
2636	Unicorn-48658.exe
2980	Unicorn-2986.exe
2624	Unicorn-33713.exe
1048	Unicorn-17931.exe
1652	Unicorn-45171.exe
2100	Unicorn-308.exe
2312	Unicorn-12005.exe
2092	Unicorn-57677.exe
1976	Unicorn-46816.exe
484	Unicorn-16090.exe
2180	Unicorn-42732.exe
1268	Unicorn-62830.exe
356	Unicorn-17242.exe
2956	Unicorn-19934.exe
1872	Unicorn-23272.exe
1100	Unicorn-15103.exe
1656	Unicorn-2851.exe
936	Unicorn-52607.exe
852	Unicorn-41746.exe
1904	Unicorn-6935.exe
1932	Unicorn-40354.exe
3036	Unicorn-29494.exe
2320	Unicorn-40354.exe
1876	Unicorn-44439.exe
2732	Unicorn-54273.exe
2676	Unicorn-3681.exe
2572	Unicorn-46105.exe
2584	Unicorn-60303.exe
2592	Unicorn-9711.exe
2568	Unicorn-21409.exe
3008	Unicorn-5627.exe
304	Unicorn-58912.exe
2804	Unicorn-43967.exe
2024	Unicorn-28185.exe
1332	Unicorn-45913.exe
2016	Unicorn-15186.exe
1812	Unicorn-49997.exe
2012	Unicorn-15186.exe
804	Unicorn-17687.exe
1444	Unicorn-17687.exe
2076	Unicorn-29385.exe
1696	Unicorn-60111.exe
2604	Unicorn-41637.exe
1336	Unicorn-9519.exe
1168	Unicorn-51341.exe
2192	Unicorn-49758.exe
872	Unicorn-38897.exe
2040	Unicorn-10863.exe
3060	Unicorn-61455.exe
848	Unicorn-22561.exe
2472	Unicorn-6779.exe
1784	Unicorn-18477.exe
2764	Unicorn-19354.exe
2272	Unicorn-55233.exe
2708	Unicorn-39451.exe
380	Unicorn-9794.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exeUnicorn-57127.exeUnicorn-51735.exeUnicorn-36790.exeUnicorn-5632.exeUnicorn-21414.exeUnicorn-25498.exeUnicorn-64439.exe

description	pid	process	target process
PID 1340 wrote to memory of 1708	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-57127.exe
PID 1340 wrote to memory of 1708	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-57127.exe
PID 1340 wrote to memory of 1708	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-57127.exe
PID 1340 wrote to memory of 1708	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-57127.exe
PID 1708 wrote to memory of 2848	1708	Unicorn-57127.exe	Unicorn-36790.exe
PID 1708 wrote to memory of 2848	1708	Unicorn-57127.exe	Unicorn-36790.exe
PID 1708 wrote to memory of 2848	1708	Unicorn-57127.exe	Unicorn-36790.exe
PID 1708 wrote to memory of 2848	1708	Unicorn-57127.exe	Unicorn-36790.exe
PID 1340 wrote to memory of 2680	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-51735.exe
PID 1340 wrote to memory of 2680	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-51735.exe
PID 1340 wrote to memory of 2680	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-51735.exe
PID 1340 wrote to memory of 2680	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	Unicorn-51735.exe
PID 1340 wrote to memory of 2688	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	WerFault.exe
PID 1340 wrote to memory of 2688	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	WerFault.exe
PID 1340 wrote to memory of 2688	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	WerFault.exe
PID 1340 wrote to memory of 2688	1340	55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe	WerFault.exe
PID 2680 wrote to memory of 2836	2680	Unicorn-51735.exe	Unicorn-21414.exe
PID 2680 wrote to memory of 2836	2680	Unicorn-51735.exe	Unicorn-21414.exe
PID 2680 wrote to memory of 2836	2680	Unicorn-51735.exe	Unicorn-21414.exe
PID 2680 wrote to memory of 2836	2680	Unicorn-51735.exe	Unicorn-21414.exe
PID 1708 wrote to memory of 2740	1708	Unicorn-57127.exe	Unicorn-5632.exe
PID 1708 wrote to memory of 2740	1708	Unicorn-57127.exe	Unicorn-5632.exe
PID 1708 wrote to memory of 2740	1708	Unicorn-57127.exe	Unicorn-5632.exe
PID 1708 wrote to memory of 2740	1708	Unicorn-57127.exe	Unicorn-5632.exe
PID 2848 wrote to memory of 2576	2848	Unicorn-36790.exe	Unicorn-25498.exe
PID 2848 wrote to memory of 2576	2848	Unicorn-36790.exe	Unicorn-25498.exe
PID 2848 wrote to memory of 2576	2848	Unicorn-36790.exe	Unicorn-25498.exe
PID 2848 wrote to memory of 2576	2848	Unicorn-36790.exe	Unicorn-25498.exe
PID 1708 wrote to memory of 3012	1708	Unicorn-57127.exe	WerFault.exe
PID 1708 wrote to memory of 3012	1708	Unicorn-57127.exe	WerFault.exe
PID 1708 wrote to memory of 3012	1708	Unicorn-57127.exe	WerFault.exe
PID 1708 wrote to memory of 3012	1708	Unicorn-57127.exe	WerFault.exe
PID 2740 wrote to memory of 1792	2740	Unicorn-5632.exe	Unicorn-64439.exe
PID 2740 wrote to memory of 1792	2740	Unicorn-5632.exe	Unicorn-64439.exe
PID 2740 wrote to memory of 1792	2740	Unicorn-5632.exe	Unicorn-64439.exe
PID 2740 wrote to memory of 1792	2740	Unicorn-5632.exe	Unicorn-64439.exe
PID 2836 wrote to memory of 2624	2836	Unicorn-21414.exe	Unicorn-33713.exe
PID 2836 wrote to memory of 2624	2836	Unicorn-21414.exe	Unicorn-33713.exe
PID 2836 wrote to memory of 2624	2836	Unicorn-21414.exe	Unicorn-33713.exe
PID 2836 wrote to memory of 2624	2836	Unicorn-21414.exe	Unicorn-33713.exe
PID 2680 wrote to memory of 2636	2680	Unicorn-51735.exe	Unicorn-48658.exe
PID 2680 wrote to memory of 2636	2680	Unicorn-51735.exe	Unicorn-48658.exe
PID 2680 wrote to memory of 2636	2680	Unicorn-51735.exe	Unicorn-48658.exe
PID 2680 wrote to memory of 2636	2680	Unicorn-51735.exe	Unicorn-48658.exe
PID 2576 wrote to memory of 2980	2576	Unicorn-25498.exe	Unicorn-2986.exe
PID 2576 wrote to memory of 2980	2576	Unicorn-25498.exe	Unicorn-2986.exe
PID 2576 wrote to memory of 2980	2576	Unicorn-25498.exe	Unicorn-2986.exe
PID 2576 wrote to memory of 2980	2576	Unicorn-25498.exe	Unicorn-2986.exe
PID 2848 wrote to memory of 1048	2848	Unicorn-36790.exe	Unicorn-17931.exe
PID 2848 wrote to memory of 1048	2848	Unicorn-36790.exe	Unicorn-17931.exe
PID 2848 wrote to memory of 1048	2848	Unicorn-36790.exe	Unicorn-17931.exe
PID 2848 wrote to memory of 1048	2848	Unicorn-36790.exe	Unicorn-17931.exe
PID 2680 wrote to memory of 1808	2680	Unicorn-51735.exe	WerFault.exe
PID 2680 wrote to memory of 1808	2680	Unicorn-51735.exe	WerFault.exe
PID 2680 wrote to memory of 1808	2680	Unicorn-51735.exe	WerFault.exe
PID 2680 wrote to memory of 1808	2680	Unicorn-51735.exe	WerFault.exe
PID 2848 wrote to memory of 2596	2848	Unicorn-36790.exe	WerFault.exe
PID 2848 wrote to memory of 2596	2848	Unicorn-36790.exe	WerFault.exe
PID 2848 wrote to memory of 2596	2848	Unicorn-36790.exe	WerFault.exe
PID 2848 wrote to memory of 2596	2848	Unicorn-36790.exe	WerFault.exe
PID 1792 wrote to memory of 1652	1792	Unicorn-64439.exe	Unicorn-45171.exe
PID 1792 wrote to memory of 1652	1792	Unicorn-64439.exe	Unicorn-45171.exe
PID 1792 wrote to memory of 1652	1792	Unicorn-64439.exe	Unicorn-45171.exe
PID 1792 wrote to memory of 1652	1792	Unicorn-64439.exe	Unicorn-45171.exe

C:\Users\Admin\AppData\Local\Temp\55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe
"C:\Users\Admin\AppData\Local\Temp\55ad7d422c6078a264ab60d95e97c06a51ce6c8ca611be0a105f1f0073c7b99a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43967.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10910.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        10⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        12⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        13⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
        14⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        14⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        13⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        12⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        11⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        11⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10737.exe
        13⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63680.exe
        14⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        11⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        10⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        9⤵
        Program crash
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33189.exe
        10⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        12⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        13⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63187.exe
        14⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        13⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        11⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        12⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
        13⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        12⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        11⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        9⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        8⤵
        Program crash
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58168.exe
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21080.exe
        12⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        13⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56690.exe
        14⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        13⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        12⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        10⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
        9⤵
        Program crash
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        8⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        7⤵
        Program crash
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        11⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23877.exe
        12⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        13⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
        13⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        12⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        10⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
        9⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41335.exe
        8⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        9⤵
        Program crash
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
        8⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11123.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        12⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        12⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 236
        9⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        8⤵
        Program crash
        
        PID:3504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        7⤵
        Program crash
        
        PID:2748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        6⤵
        Program crash
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37548.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        12⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        10⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54136.exe
        10⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        10⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65155.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        8⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44930.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        10⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        11⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        11⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        10⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        9⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 216
        8⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        7⤵
        Program crash
        
        PID:3212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
        6⤵
        Program crash
        
        PID:2124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        12⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 220
        13⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        11⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
        9⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19217.exe
        11⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16550.exe
        12⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        12⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        11⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
        8⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
        12⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        10⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        11⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 220
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        11⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37121.exe
        12⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        11⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        10⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
        8⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 220
        7⤵
        Program crash
        
        PID:3436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        6⤵
        Program crash
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7781.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
        11⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32606.exe
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        12⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        11⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46767.exe
        9⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        11⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
        11⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 236
        10⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        7⤵
        Program crash
        
        PID:3976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
        6⤵
        Program crash
        
        PID:2872
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        5⤵
        Program crash
        
        PID:1892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31352.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        11⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        12⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
        13⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        14⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
        14⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        13⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        12⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        11⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3596.exe
        11⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13762.exe
        12⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        13⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        13⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        12⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        9⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12960.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48622.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
        12⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16270.exe
        13⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        13⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 220
        12⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        11⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61429.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62719.exe
        10⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13845.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        12⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        13⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        12⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        11⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        8⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62545.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        12⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        13⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        8⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        7⤵
        Program crash
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27268.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        12⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        13⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        13⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        12⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42600.exe
        10⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
        11⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 216
        12⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        11⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        9⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21875.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        11⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 220
        11⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        8⤵
        Program crash
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3318.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55044.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        11⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35408.exe
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        10⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5210.exe
        10⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
        11⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        11⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        10⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        9⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        8⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:3248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        6⤵
        Program crash
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51144.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59320.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9486.exe
        11⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        12⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        11⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 220
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20618.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
        10⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        11⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        9⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        8⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        7⤵
        Program crash
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57802.exe
        7⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55747.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        11⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55237.exe
        12⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9974.exe
        10⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        11⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        10⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        9⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        7⤵
        
        PID:4904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        6⤵
        Program crash
        
        PID:1556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        5⤵
        Program crash
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44925.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16472.exe
        11⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        12⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 236
        11⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20915.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
        10⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 220
        11⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        10⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        9⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        8⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        7⤵
        Program crash
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59203.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
        9⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        10⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        11⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        10⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        9⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        8⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        7⤵
        
        PID:5012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        6⤵
        Program crash
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33106.exe
        7⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
        10⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        11⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 236
        11⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        10⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 236
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54740.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        9⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        10⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
        10⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        9⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        8⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        7⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27927.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59123.exe
        9⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        10⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        11⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        10⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 236
        9⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        8⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        7⤵
        
        PID:4876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        6⤵
        Program crash
        
        PID:3288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        5⤵
        Program crash
        
        PID:1512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1920
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        11⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        12⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        13⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        13⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        12⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        11⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36269.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26783.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        12⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 216
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        8⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19117.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
        11⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        12⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 236
        12⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        8⤵
        Program crash
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        7⤵
        Program crash
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        11⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
        12⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6586.exe
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        11⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        11⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        9⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12555.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
        10⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        11⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        12⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        11⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        8⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        7⤵
        Program crash
        
        PID:3552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
        6⤵
        Program crash
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56686.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59063.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1458.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
        11⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
        12⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        10⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
        9⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29960.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62737.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        11⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11765.exe
        12⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 216
        11⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
        9⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        8⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        7⤵
        Program crash
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2737.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1375.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
        11⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
        8⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        9⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41251.exe
        10⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        11⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        10⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        9⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        8⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 220
        7⤵
        
        PID:4436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        6⤵
        Program crash
        
        PID:2364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        5⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57677.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15103.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18288.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11816.exe
        11⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21397.exe
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        11⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        8⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16334.exe
        8⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
        10⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        11⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        11⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 236
        10⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 220
        9⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
        8⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        7⤵
        Program crash
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62055.exe
        11⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe
        12⤵
        
        PID:12676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        11⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19383.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
        9⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52481.exe
        10⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64147.exe
        11⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        10⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        9⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        8⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        7⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        6⤵
        Program crash
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29660.exe
        6⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        8⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        10⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        11⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        11⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        9⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
        10⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58226.exe
        11⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        10⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
        9⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        8⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
        7⤵
        
        PID:4244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        6⤵
        Program crash
        
        PID:3328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        5⤵
        Program crash
        
        PID:1560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29494.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
        7⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        10⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
        12⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 236
        12⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 236
        8⤵
        Program crash
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        7⤵
        Program crash
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        6⤵
        Program crash
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        6⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47577.exe
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        10⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54468.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        9⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        10⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        10⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        9⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        8⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
        7⤵
        
        PID:5144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50384.exe
        8⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46160.exe
        9⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        10⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        10⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        9⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        8⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        7⤵
        
        PID:5136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        6⤵
        Program crash
        
        PID:3120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        5⤵
        Program crash
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        6⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37556.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31962.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30665.exe
        11⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        12⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        11⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
        9⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53754.exe
        7⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        8⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        9⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        10⤵
        
        PID:11132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        10⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        9⤵
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        8⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51642.exe
        6⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        7⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58635.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        9⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        10⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 216
        10⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
        9⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        8⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        7⤵
        
        PID:5928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        6⤵
        Program crash
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        9⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        10⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        9⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 220
        8⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        7⤵
        
        PID:6064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
        6⤵
        Program crash
        
        PID:3876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        5⤵
        Program crash
        
        PID:2796
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
      4⤵
      Program crash
      PID:2096
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
  2⤵
  - Program crash
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe

Filesize
184KB

MD5
a38d95322344ca9d962f8e04e6be7d6a

SHA1
48f6cf35112a2964937fd056c2a36ffe58fb1ead

SHA256
15cf328d941f9bbebdc8f4bc1e0eb024633d1e9b8f3bd4bc5dbc9f59ad45f726

SHA512
99e732becc1ac66c79345d5646d5f2b8c72d90311b8f9bb47935c3ecef8f07fc4f94a26d11c9c91e11faae561df9021f1eacdd78dd229ca7df57d62e7e69d89b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe

Filesize
184KB

MD5
a402b3fbe3a62e7de9bd6adb11e371ab

SHA1
a60ccf0ad6e8ec957747752d5e9a502581fe6b61

SHA256
bd05a934539ca792d1d4b5cfbf09735f71c10ef4312093a31221a1923e0ed561

SHA512
537a24da3fb188f6a3e8c89b06297d698b6394a2fc02a18cd2e45ea59b7d5cc6fc87f0140208c08f928d9b05c7cd7cb41697aa2057e86a1d69983faecec43f88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40349.exe

Filesize
184KB

MD5
6eee523cfdcb8b3bf59e0d79cc55001d

SHA1
6e42199009d70f91a0c520f45ce0931d176f44b4

SHA256
a8042752964e9fd04292451f18610b13ccd15d6cdfcf3b116e012d73c8bde190

SHA512
7611381fc4242408d1aa0d2e39e9c5b068857242ada303f73a7734457029c1edd33d4c4428d6374942b43335a767bb1bc49690fe3203d32a8cf2184e2a280577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40816.exe

Filesize
184KB

MD5
2e6df9baf7396dc542e6be27996031b0

SHA1
1fc3cdc26561a13f9faf290ce8e18d873e004cd9

SHA256
cb8336d611e87b2458334fa3fe131db340d2f803ef0eb916681202ed5d0c4eab

SHA512
ff81863f2d54e9d8719518a82f4d01855cff0f7bcbf6d0c272571daee5cc60160977916ab4eccaa6373d1f087f81fbac78b2d39a14f44a956d7f4fa487be4943

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe

Filesize
184KB

MD5
967ad6a3ed15adc37d87b41063e706d4

SHA1
1bfe2604086d1714489a54337f1c4b07d2f744c8

SHA256
7b1f75075c950fc3ad020077da4e4b462ce836bda2cddaff4b7079133cf97644

SHA512
b06b76e918e55bff240661ee8b6f2f1a9499d88b17744ba0e7f7a19ee66e43a77e97e84430406c31dd5b5caec6cb7429624c64570c13089fcd82301dec443f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe

Filesize
184KB

MD5
ae8130d186e37839fe6657338787d379

SHA1
ad3c3da481bc71cee24ef66108aaa175cad8da80

SHA256
1d6d66cd85816d3cfe06fa08f52bffa78b280effc6cd4511ff7c463b615dbbc6

SHA512
ad824754d546a069a92ad3fa30e4f768aec4f501e4bb485b811158aa21f5205e33b4abebf97c2c2c1981b39dd16641ff1a45ff9b4d086dd1cce94a3b1eb4ddc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49565.exe

Filesize
184KB

MD5
b0220f60e930e1bbce7d6a31e0df84be

SHA1
f2c898c2b4ffed8800a1dc9a408e3f5a093bd067

SHA256
f9df7ba30c64bd1266d49e464e678dc5cfc192a15ec15fcff36c8c8f855cba02

SHA512
19fa5d7891937e6b0a4a696e7a808d74d1962c8723a4c66ee8993e68f5363b65ab7fa638994e4ee3fd68ada635a116ddac3ccd90ba3455a70255ac1d8223972d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe

Filesize
184KB

MD5
5b8a190f8cbdf69e31b26bb0526dbe32

SHA1
f468417c1f73ca67077a0b189443240ab744c1e9

SHA256
83ee1da9e38a08a2c332263c3002eec5263f223bfa9338f3bbddaefbae85f8af

SHA512
a5ce3db36c4c9c10d1604256a92e99d6999c4ca9c0892804a50739a0887d52b139150bddbdaf54d7a5c8032eef65150dd342139f208e08de06de0d44ad231fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe

Filesize
184KB

MD5
d84a40b5a39f56368bcfdd22e517ac0f

SHA1
684d91e1455ab85dfd2fc9606836bb580ab8e10f

SHA256
1a5dda730bc3c320268ef773dfa202271377849bdf9804200b173faecca7bcca

SHA512
829874c08da94724624f82ba77321d4c54bbf4bb88b4b1859f4023714aa4bdee0052fe8448d7b0c1689e4db3a1ee89ace5763eb9446bece791c19fbcce6c91ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6094.exe

Filesize
184KB

MD5
f535feb94d9daf2271fb52283b1f8796

SHA1
69f59cebde901ec1b8fc4010eeee450029115492

SHA256
1603398f20e8c7168466462a198e3652e857507512f6fe5012aeb18e36cf29e5

SHA512
6a79d14d7e5357999f68d3304bc4157f2046c2b1fe0993ad9431766ccb6b10e7eba7636e61a80da4da615bc32f996a2bb5b9bb2ef1357a125068c5cb90e8ec1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe

Filesize
184KB

MD5
97c0cba346a039d4bc79c316428ca58d

SHA1
b902bcdb1745f4b7ebd5ac87b64803f3b378194c

SHA256
0a1e6123c487a4cb603bc84e1fbf2485117650d214754a4ed53924b4f241ebf5

SHA512
d48712319a815f5b77719fd0530fba45293fad90cf006f2020f8e89bf09c4b81c126633d211ce4b79f2a09cd234ce1d2501c4a2c21b15e14c8d9b028deaf5e41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe

Filesize
184KB

MD5
06cd67a17e569b575c45399ab2e40a34

SHA1
cc53b5b415444a3e0893e39951855b2786ef40c2

SHA256
6f6b0bfcf1d7fb98c1cd4c05fa0efede9e1a3e64fc4734ec0007bb6fd5b70d23

SHA512
5a6b22f74dca81b9c03e28e9e8407d67592fe41a03a40149338c177ef717f0e8f81b33e80ab9508e582dc97db316fcd560ca979c3499aa0eaa8d25ead227abb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe

Filesize
184KB

MD5
20c33349cd4aa47bc6c987282f4866e2

SHA1
7d1d29cf9215dff80bfa79a5633dfa76fdba39da

SHA256
edf91aa2e65cb10746a78f8c131e9ea2f96b853a7f211d365bc7e91723913078

SHA512
99d3d04e0ee212b4f73853c97eec036f6df6cd82120822d92b4b9a84822a17170ad3c41a8746565196583439427fb691e4dc1f07b0a87f90d966360d0a6c4087

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe

Filesize
184KB

MD5
ea8c170ce272e8df942f4e20822dbe33

SHA1
24ad8f04e5b76dda0f424e55db0ad3d6d5d32dfc

SHA256
2b9a23221aee49ef7b663f99629d0938592340eaae9de8ed471552063e8b4b33

SHA512
d7de223f46c75b91635ff2bd64842f3be31fb0e2ffe5b8cab45d0eb179cf3035ff3e7fd6951b407e3afea96304c30fb6f77b86cfda81c8bd5b7c08a4037c0c9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe

Filesize
184KB

MD5
34a19cbea202f96d4dc783164a4963d3

SHA1
f0085aba098081df85fa2b9373a5677126792edc

SHA256
85ea77824fe22d2cec52fc7a052b9032a7af19087b62e6b6bcd7d2c61c3eb071

SHA512
559fa83d369af84728dd366b5ec8b1569f8e07e1da43af096158cc092911b7f36a33557bb196158977fe7dd4831edf120526365cf913fbae534af8d7928cd6cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-308.exe

Filesize
184KB

MD5
38a9bb4c427fa4eee3638056537bb367

SHA1
29e1c3479079febbee8d80f2d755827ed29a19ac

SHA256
bf9976b3a12f1d0e17c56dd972130025ac87e00fa4c8e8a1acb89838d9bf3c1f

SHA512
ca866dd474665d81618714d1627e557fc45d89ae0618714bd9a77288ac306691c2ec9aadc426ef8cce5b45d98d276712f238cc6d2246abce49521c9695f065a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe

Filesize
184KB

MD5
6de61ef419e16d2639ef8d88c2eff104

SHA1
644c3dc1877ef2239669f2fc9be2f032a1922b74

SHA256
6876a57b0ce5995114de9b61877436b0c86f8b79d938269f73931f4dc3e85f8d

SHA512
1fb2adab70f7d78d23f6673718f6ae605a3f0eab645bdb809ddedfa28e217b9900b4528ce5c80fed899e52867d36ef95a4264dc54bf4a65de295b7fb67583cd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe

Filesize
184KB

MD5
087f37e9e229a9a71ed9dfce520fcb42

SHA1
32b31ac84ec13ee28cbc4e1a9981b4f842fbd22c

SHA256
b53ac9605faa040302fce58e274be7bbebbed0f64b084cbc5af8467d9d725beb

SHA512
99f73c856b47b8c65e74a98fc31f9e5ea5b0a0a3f93e948fb534003de76d27b61f36975f2e776f8bf4a55e62c17eb82094f1679184218e7decbb7a09e5b19367

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe

Filesize
184KB

MD5
0942bf9f6156d96d6934bbabd9d9c3c5

SHA1
ab904a0315f76be8dc7b92c4350aa6fe82cddcfb

SHA256
b0f6973275b6a265b189b3557313cf8b9f56162da8b1ec34d84ddb0455b017b5

SHA512
5b88bc04a9092195076c0512ad18cd86d5125e2734f0d69987b61f9a2ccfe5d8c0f5879cff1e3a1a978da6b43dada7cc97c21313d054cac7ef5e0c9acccb817b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe

Filesize
184KB

MD5
19789fb9f2414ee67e363b3590c361e7

SHA1
d58437b4c24f164058775e70aa2093eaa5da8e3a

SHA256
1a8cf520cd12ca1df5a2cd5dcb95f82f3869005add4648f4903edc8882c62400

SHA512
b986cfe3c499e83599c2306f6a8866bd35cf3af16530f61a510f24963e590747c7a51b50a55a79b9f65a805569720569f4b679115a07dbd471bdba278a093188

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe

Filesize
184KB

MD5
5f1f50fbe9e18d94ba06fe7999d1268d

SHA1
3f76aa621703074ed2ffda9490e7f5bd826c6ce0

SHA256
80ab96efcf563b16a11dbd56f52987399d6bba98fcd0edeae58af4e88c6388d6

SHA512
9e21cf971f3b4406fa95db5a4bcf4fa72301bb81ea5170db55adb65b07b3ebc41879da5945f410cc642b70341edd49115df7df17370f12f9250013371fcecfda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe

Filesize
184KB

MD5
1161fa0d269b2afcc595d21056c342e1

SHA1
5d88a6f45c0b1cd709b525da794b1b6b2886293d

SHA256
2ad3b497024272c94ce533f30b8e2969783b2c6681c477cf99d83dec1899297b

SHA512
fec57d1e2d390c1a361e5355151af8e4ce2e01dfc8e54084850a287e0c49d4e80edbcd70f204ea528804a321c7b4538ddc6db12ba21e6ec1a7fc7892d2b3215b

Download Submit