61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
Size

184KB
MD5

d592984473daa4fdc95f368ca8acff4c
SHA1

54f45b3603eb5c5ac48f0c397a26731233bce18e
SHA256

61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b
SHA512

fd0dd1e1351d1b6fe977eb3892cd38c916acd20330c9f443d61e53aa42afc15256cc987be3a99d769a39a83a2f2c633cbb0956b8f747f7a70bdce922fc3a5e9a
SSDEEP

1536:G7r/6j4luWPQotx1tgi9lpwMG2Iyvhcl0md8qSA92bzktR7l5hj5nizpvO:QmPWPQoTfgiZdGtWWJSA9sCR7lnViFm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-52507.exeUnicorn-41407.exeUnicorn-17265.exeUnicorn-31148.exeUnicorn-46093.exeUnicorn-27064.exeUnicorn-64095.exeUnicorn-9227.exeUnicorn-55735.exeUnicorn-5143.exeUnicorn-29093.exeUnicorn-22077.exeUnicorn-63664.exeUnicorn-1656.exeUnicorn-43820.exeUnicorn-59601.exeUnicorn-841.exeUnicorn-20707.exeUnicorn-51433.exeUnicorn-50940.exeUnicorn-50940.exeUnicorn-348.exeUnicorn-35180.exeUnicorn-27012.exeUnicorn-37872.exeUnicorn-14567.exeUnicorn-49378.exeUnicorn-25428.exeUnicorn-6399.exeUnicorn-52071.exeUnicorn-23011.exeUnicorn-3145.exeUnicorn-57821.exeUnicorn-64598.exeUnicorn-53737.exeUnicorn-45569.exeUnicorn-52346.exeUnicorn-63851.exeUnicorn-13259.exeUnicorn-39901.exeUnicorn-55683.exeUnicorn-30987.exeUnicorn-45932.exeUnicorn-26903.exeUnicorn-41847.exeUnicorn-22819.exeUnicorn-57629.exeUnicorn-64406.exeUnicorn-53270.exeUnicorn-64967.exeUnicorn-21797.exeUnicorn-55216.exeUnicorn-32103.exeUnicorn-32103.exeUnicorn-20427.exeUnicorn-47069.exeUnicorn-8174.exeUnicorn-42985.exeUnicorn-19035.exeUnicorn-45678.exeUnicorn-45678.exeUnicorn-26649.exeUnicorn-26649.exeUnicorn-26649.exe

pid	process
2308	Unicorn-52507.exe
2688	Unicorn-41407.exe
2632	Unicorn-17265.exe
2612	Unicorn-31148.exe
2728	Unicorn-46093.exe
2912	Unicorn-27064.exe
2780	Unicorn-64095.exe
2716	Unicorn-9227.exe
2180	Unicorn-55735.exe
316	Unicorn-5143.exe
1228	Unicorn-29093.exe
2324	Unicorn-22077.exe
2268	Unicorn-63664.exe
2032	Unicorn-1656.exe
2416	Unicorn-43820.exe
1408	Unicorn-59601.exe
1784	Unicorn-841.exe
900	Unicorn-20707.exe
2428	Unicorn-51433.exe
2872	Unicorn-50940.exe
1252	Unicorn-50940.exe
1576	Unicorn-348.exe
1864	Unicorn-35180.exe
896	Unicorn-27012.exe
2396	Unicorn-37872.exe
1860	Unicorn-14567.exe
1808	Unicorn-49378.exe
1108	Unicorn-25428.exe
604	Unicorn-6399.exe
2952	Unicorn-52071.exe
296	Unicorn-23011.exe
2672	Unicorn-3145.exe
2484	Unicorn-57821.exe
2504	Unicorn-64598.exe
2476	Unicorn-53737.exe
2596	Unicorn-45569.exe
2040	Unicorn-52346.exe
2464	Unicorn-63851.exe
2712	Unicorn-13259.exe
1736	Unicorn-39901.exe
2192	Unicorn-55683.exe
1872	Unicorn-30987.exe
1608	Unicorn-45932.exe
2448	Unicorn-26903.exe
1440	Unicorn-41847.exe
1516	Unicorn-22819.exe
2320	Unicorn-57629.exe
2244	Unicorn-64406.exe
1360	Unicorn-53270.exe
2444	Unicorn-64967.exe
1040	Unicorn-21797.exe
2020	Unicorn-55216.exe
1924	Unicorn-32103.exe
2836	Unicorn-32103.exe
892	Unicorn-20427.exe
2188	Unicorn-47069.exe
440	Unicorn-8174.exe
2600	Unicorn-42985.exe
2676	Unicorn-19035.exe
2588	Unicorn-45678.exe
2520	Unicorn-45678.exe
2376	Unicorn-26649.exe
2548	Unicorn-26649.exe
2916	Unicorn-26649.exe

Loads dropped DLL 64 IoCs

Processes:

61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exeUnicorn-52507.exeUnicorn-41407.exeUnicorn-17265.exeWerFault.exeUnicorn-31148.exeUnicorn-27064.exeUnicorn-46093.exeWerFault.exeWerFault.exeUnicorn-64095.exeUnicorn-55735.exeUnicorn-29093.exeUnicorn-9227.exeUnicorn-5143.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
2308	Unicorn-52507.exe
2308	Unicorn-52507.exe
2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
2688	Unicorn-41407.exe
2308	Unicorn-52507.exe
2688	Unicorn-41407.exe
2308	Unicorn-52507.exe
2632	Unicorn-17265.exe
2632	Unicorn-17265.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
2612	Unicorn-31148.exe
2612	Unicorn-31148.exe
2688	Unicorn-41407.exe
2912	Unicorn-27064.exe
2688	Unicorn-41407.exe
2912	Unicorn-27064.exe
2632	Unicorn-17265.exe
2632	Unicorn-17265.exe
2728	Unicorn-46093.exe
2728	Unicorn-46093.exe
264	WerFault.exe
264	WerFault.exe
264	WerFault.exe
264	WerFault.exe
264	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
2780	Unicorn-64095.exe
2780	Unicorn-64095.exe
2612	Unicorn-31148.exe
2612	Unicorn-31148.exe
2180	Unicorn-55735.exe
2180	Unicorn-55735.exe
2912	Unicorn-27064.exe
2912	Unicorn-27064.exe
1228	Unicorn-29093.exe
1228	Unicorn-29093.exe
2728	Unicorn-46093.exe
2728	Unicorn-46093.exe
2716	Unicorn-9227.exe
2716	Unicorn-9227.exe
316	Unicorn-5143.exe
316	Unicorn-5143.exe
680	WerFault.exe
680	WerFault.exe
680	WerFault.exe
680	WerFault.exe
680	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1704	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2736	2400	WerFault.exe	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
1592	2308	WerFault.exe	Unicorn-52507.exe
264	2688	WerFault.exe	Unicorn-41407.exe
1840	2632	WerFault.exe	Unicorn-17265.exe
680	2612	WerFault.exe	Unicorn-31148.exe
1720	2728	WerFault.exe	Unicorn-46093.exe
1704	2912	WerFault.exe	Unicorn-27064.exe
1524	2780	WerFault.exe	Unicorn-64095.exe
1640	2180	WerFault.exe	Unicorn-55735.exe
2584	1228	WerFault.exe	Unicorn-29093.exe
2616	2716	WerFault.exe	Unicorn-9227.exe
2636	316	WerFault.exe	Unicorn-5143.exe
2288	2268	WerFault.exe	Unicorn-63664.exe
1076	2324	WerFault.exe	Unicorn-22077.exe
1780	2416	WerFault.exe	Unicorn-43820.exe
2816	2032	WerFault.exe	Unicorn-1656.exe
2432	1784	WerFault.exe	Unicorn-841.exe
288	1408	WerFault.exe	Unicorn-59601.exe
2332	2428	WerFault.exe	Unicorn-51433.exe
1692	900	WerFault.exe	Unicorn-20707.exe
880	1252	WerFault.exe	Unicorn-50940.exe
2248	2872	WerFault.exe	Unicorn-50940.exe
1560	1576	WerFault.exe	Unicorn-348.exe
1300	1864	WerFault.exe	Unicorn-35180.exe
236	896	WerFault.exe	Unicorn-27012.exe
2336	2396	WerFault.exe	Unicorn-37872.exe
1492	604	WerFault.exe	Unicorn-6399.exe
2240	1808	WerFault.exe	Unicorn-49378.exe
1992	2952	WerFault.exe	Unicorn-52071.exe
2272	1108	WerFault.exe	Unicorn-25428.exe
2864	1860	WerFault.exe	Unicorn-14567.exe
2924	2464	WerFault.exe	Unicorn-63851.exe
1856	1736	WerFault.exe	Unicorn-39901.exe
2364	2504	WerFault.exe	Unicorn-64598.exe
2436	2712	WerFault.exe	Unicorn-13259.exe
1904	2040	WerFault.exe	Unicorn-52346.exe
3080	2476	WerFault.exe	Unicorn-53737.exe
3120	1608	WerFault.exe	Unicorn-45932.exe
3112	296	WerFault.exe	Unicorn-23011.exe
3128	1440	WerFault.exe	Unicorn-41847.exe
3136	1872	WerFault.exe	Unicorn-30987.exe
3176	2448	WerFault.exe	Unicorn-26903.exe
3192	2244	WerFault.exe	Unicorn-64406.exe
3948	2596	WerFault.exe	Unicorn-45569.exe
3980	2484	WerFault.exe	Unicorn-57821.exe
3472	2192	WerFault.exe	Unicorn-55683.exe
3520	2320	WerFault.exe	Unicorn-57629.exe
3624	2020	WerFault.exe	Unicorn-55216.exe
3756	2672	WerFault.exe	Unicorn-3145.exe
3264	1516	WerFault.exe	Unicorn-22819.exe
3312	2588	WerFault.exe	Unicorn-45678.exe
3324	1040	WerFault.exe	Unicorn-21797.exe
3944	2376	WerFault.exe	Unicorn-26649.exe
3380	2188	WerFault.exe	Unicorn-47069.exe
3548	1748	WerFault.exe	Unicorn-25065.exe
3564	440	WerFault.exe	Unicorn-8174.exe
3596	1616	WerFault.exe	Unicorn-8729.exe
3604	752	WerFault.exe	Unicorn-20981.exe
3692	2172	WerFault.exe	Unicorn-6036.exe
3720	884	WerFault.exe	Unicorn-10120.exe
3768	860	WerFault.exe	Unicorn-51708.exe
3784	2444	WerFault.exe	Unicorn-64967.exe
3696	1924	WerFault.exe	Unicorn-32103.exe
3448	2704	WerFault.exe	Unicorn-44630.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exeUnicorn-52507.exeUnicorn-41407.exeUnicorn-17265.exeUnicorn-31148.exeUnicorn-27064.exeUnicorn-46093.exeUnicorn-64095.exeUnicorn-55735.exeUnicorn-9227.exeUnicorn-29093.exeUnicorn-5143.exeUnicorn-22077.exeUnicorn-63664.exeUnicorn-1656.exeUnicorn-43820.exeUnicorn-841.exeUnicorn-59601.exeUnicorn-20707.exeUnicorn-51433.exeUnicorn-50940.exeUnicorn-50940.exeUnicorn-348.exeUnicorn-35180.exeUnicorn-27012.exeUnicorn-37872.exeUnicorn-14567.exeUnicorn-49378.exeUnicorn-25428.exeUnicorn-6399.exeUnicorn-52071.exeUnicorn-3145.exeUnicorn-23011.exeUnicorn-64598.exeUnicorn-57821.exeUnicorn-53737.exeUnicorn-45569.exeUnicorn-52346.exeUnicorn-63851.exeUnicorn-13259.exeUnicorn-39901.exeUnicorn-55683.exeUnicorn-45932.exeUnicorn-26903.exeUnicorn-30987.exeUnicorn-22819.exeUnicorn-41847.exeUnicorn-57629.exeUnicorn-64406.exeUnicorn-53270.exeUnicorn-64967.exeUnicorn-21797.exeUnicorn-55216.exeUnicorn-32103.exeUnicorn-32103.exeUnicorn-20427.exeUnicorn-47069.exeUnicorn-42985.exeUnicorn-8174.exeUnicorn-45678.exeUnicorn-19035.exeUnicorn-45678.exeUnicorn-26649.exeUnicorn-26649.exe

pid	process
2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
2308	Unicorn-52507.exe
2688	Unicorn-41407.exe
2632	Unicorn-17265.exe
2612	Unicorn-31148.exe
2912	Unicorn-27064.exe
2728	Unicorn-46093.exe
2780	Unicorn-64095.exe
2180	Unicorn-55735.exe
2716	Unicorn-9227.exe
1228	Unicorn-29093.exe
316	Unicorn-5143.exe
2324	Unicorn-22077.exe
2268	Unicorn-63664.exe
2032	Unicorn-1656.exe
2416	Unicorn-43820.exe
1784	Unicorn-841.exe
1408	Unicorn-59601.exe
900	Unicorn-20707.exe
2428	Unicorn-51433.exe
2872	Unicorn-50940.exe
1252	Unicorn-50940.exe
1576	Unicorn-348.exe
1864	Unicorn-35180.exe
896	Unicorn-27012.exe
2396	Unicorn-37872.exe
1860	Unicorn-14567.exe
1808	Unicorn-49378.exe
1108	Unicorn-25428.exe
604	Unicorn-6399.exe
2952	Unicorn-52071.exe
2672	Unicorn-3145.exe
296	Unicorn-23011.exe
2504	Unicorn-64598.exe
2484	Unicorn-57821.exe
2476	Unicorn-53737.exe
2596	Unicorn-45569.exe
2040	Unicorn-52346.exe
2464	Unicorn-63851.exe
2712	Unicorn-13259.exe
1736	Unicorn-39901.exe
2192	Unicorn-55683.exe
1608	Unicorn-45932.exe
2448	Unicorn-26903.exe
1872	Unicorn-30987.exe
1516	Unicorn-22819.exe
1440	Unicorn-41847.exe
2320	Unicorn-57629.exe
2244	Unicorn-64406.exe
1360	Unicorn-53270.exe
2444	Unicorn-64967.exe
1040	Unicorn-21797.exe
2020	Unicorn-55216.exe
2836	Unicorn-32103.exe
1924	Unicorn-32103.exe
892	Unicorn-20427.exe
2188	Unicorn-47069.exe
2600	Unicorn-42985.exe
440	Unicorn-8174.exe
2588	Unicorn-45678.exe
2676	Unicorn-19035.exe
2520	Unicorn-45678.exe
2376	Unicorn-26649.exe
2548	Unicorn-26649.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exeUnicorn-52507.exeUnicorn-41407.exeUnicorn-17265.exeUnicorn-31148.exeUnicorn-27064.exeUnicorn-46093.exeUnicorn-64095.exe

description	pid	process	target process
PID 2400 wrote to memory of 2308	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-52507.exe
PID 2400 wrote to memory of 2308	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-52507.exe
PID 2400 wrote to memory of 2308	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-52507.exe
PID 2400 wrote to memory of 2308	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-52507.exe
PID 2308 wrote to memory of 2688	2308	Unicorn-52507.exe	Unicorn-41407.exe
PID 2308 wrote to memory of 2688	2308	Unicorn-52507.exe	Unicorn-41407.exe
PID 2308 wrote to memory of 2688	2308	Unicorn-52507.exe	Unicorn-41407.exe
PID 2308 wrote to memory of 2688	2308	Unicorn-52507.exe	Unicorn-41407.exe
PID 2400 wrote to memory of 2632	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-17265.exe
PID 2400 wrote to memory of 2632	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-17265.exe
PID 2400 wrote to memory of 2632	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-17265.exe
PID 2400 wrote to memory of 2632	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	Unicorn-17265.exe
PID 2400 wrote to memory of 2736	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	WerFault.exe
PID 2400 wrote to memory of 2736	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	WerFault.exe
PID 2400 wrote to memory of 2736	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	WerFault.exe
PID 2400 wrote to memory of 2736	2400	61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe	WerFault.exe
PID 2688 wrote to memory of 2612	2688	Unicorn-41407.exe	Unicorn-31148.exe
PID 2688 wrote to memory of 2612	2688	Unicorn-41407.exe	Unicorn-31148.exe
PID 2688 wrote to memory of 2612	2688	Unicorn-41407.exe	Unicorn-31148.exe
PID 2688 wrote to memory of 2612	2688	Unicorn-41407.exe	Unicorn-31148.exe
PID 2308 wrote to memory of 2728	2308	Unicorn-52507.exe	Unicorn-46093.exe
PID 2308 wrote to memory of 2728	2308	Unicorn-52507.exe	Unicorn-46093.exe
PID 2308 wrote to memory of 2728	2308	Unicorn-52507.exe	Unicorn-46093.exe
PID 2308 wrote to memory of 2728	2308	Unicorn-52507.exe	Unicorn-46093.exe
PID 2632 wrote to memory of 2912	2632	Unicorn-17265.exe	Unicorn-27064.exe
PID 2632 wrote to memory of 2912	2632	Unicorn-17265.exe	Unicorn-27064.exe
PID 2632 wrote to memory of 2912	2632	Unicorn-17265.exe	Unicorn-27064.exe
PID 2632 wrote to memory of 2912	2632	Unicorn-17265.exe	Unicorn-27064.exe
PID 2308 wrote to memory of 1592	2308	Unicorn-52507.exe	WerFault.exe
PID 2308 wrote to memory of 1592	2308	Unicorn-52507.exe	WerFault.exe
PID 2308 wrote to memory of 1592	2308	Unicorn-52507.exe	WerFault.exe
PID 2308 wrote to memory of 1592	2308	Unicorn-52507.exe	WerFault.exe
PID 2612 wrote to memory of 2780	2612	Unicorn-31148.exe	Unicorn-64095.exe
PID 2612 wrote to memory of 2780	2612	Unicorn-31148.exe	Unicorn-64095.exe
PID 2612 wrote to memory of 2780	2612	Unicorn-31148.exe	Unicorn-64095.exe
PID 2612 wrote to memory of 2780	2612	Unicorn-31148.exe	Unicorn-64095.exe
PID 2688 wrote to memory of 2716	2688	Unicorn-41407.exe	Unicorn-9227.exe
PID 2688 wrote to memory of 2716	2688	Unicorn-41407.exe	Unicorn-9227.exe
PID 2688 wrote to memory of 2716	2688	Unicorn-41407.exe	Unicorn-9227.exe
PID 2688 wrote to memory of 2716	2688	Unicorn-41407.exe	Unicorn-9227.exe
PID 2912 wrote to memory of 2180	2912	Unicorn-27064.exe	Unicorn-55735.exe
PID 2912 wrote to memory of 2180	2912	Unicorn-27064.exe	Unicorn-55735.exe
PID 2912 wrote to memory of 2180	2912	Unicorn-27064.exe	Unicorn-55735.exe
PID 2912 wrote to memory of 2180	2912	Unicorn-27064.exe	Unicorn-55735.exe
PID 2632 wrote to memory of 316	2632	Unicorn-17265.exe	Unicorn-5143.exe
PID 2632 wrote to memory of 316	2632	Unicorn-17265.exe	Unicorn-5143.exe
PID 2632 wrote to memory of 316	2632	Unicorn-17265.exe	Unicorn-5143.exe
PID 2632 wrote to memory of 316	2632	Unicorn-17265.exe	Unicorn-5143.exe
PID 2728 wrote to memory of 1228	2728	Unicorn-46093.exe	Unicorn-29093.exe
PID 2728 wrote to memory of 1228	2728	Unicorn-46093.exe	Unicorn-29093.exe
PID 2728 wrote to memory of 1228	2728	Unicorn-46093.exe	Unicorn-29093.exe
PID 2728 wrote to memory of 1228	2728	Unicorn-46093.exe	Unicorn-29093.exe
PID 2688 wrote to memory of 264	2688	Unicorn-41407.exe	WerFault.exe
PID 2688 wrote to memory of 264	2688	Unicorn-41407.exe	WerFault.exe
PID 2688 wrote to memory of 264	2688	Unicorn-41407.exe	WerFault.exe
PID 2688 wrote to memory of 264	2688	Unicorn-41407.exe	WerFault.exe
PID 2632 wrote to memory of 1840	2632	Unicorn-17265.exe	WerFault.exe
PID 2632 wrote to memory of 1840	2632	Unicorn-17265.exe	WerFault.exe
PID 2632 wrote to memory of 1840	2632	Unicorn-17265.exe	WerFault.exe
PID 2632 wrote to memory of 1840	2632	Unicorn-17265.exe	WerFault.exe
PID 2780 wrote to memory of 2324	2780	Unicorn-64095.exe	Unicorn-22077.exe
PID 2780 wrote to memory of 2324	2780	Unicorn-64095.exe	Unicorn-22077.exe
PID 2780 wrote to memory of 2324	2780	Unicorn-64095.exe	Unicorn-22077.exe
PID 2780 wrote to memory of 2324	2780	Unicorn-64095.exe	Unicorn-22077.exe

C:\Users\Admin\AppData\Local\Temp\61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe
"C:\Users\Admin\AppData\Local\Temp\61054b47cd04e4ecb764e4f8b8217887c9c0d567f09770f1b999de41252dac3b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43426.exe
        11⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        12⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        12⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57959.exe
        13⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        14⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        15⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
        14⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        13⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 220
        12⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
        11⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        10⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
        9⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        11⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        12⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        13⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
        14⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
        14⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        13⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        11⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
        9⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60525.exe
        11⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43761.exe
        12⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47233.exe
        13⤵
        
        PID:10460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        14⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 236
        14⤵
        
        PID:13020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        13⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        12⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        11⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
        9⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        8⤵
        Program crash
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        11⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        12⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        13⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
        13⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22833.exe
        14⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 236
        14⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 220
        13⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        12⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        11⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 216
        10⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12979.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        12⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56688.exe
        13⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        14⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 236
        14⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20752.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50648.exe
        13⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        13⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
        12⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        10⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 216
        9⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 220
        8⤵
        Program crash
        
        PID:2364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        7⤵
        Program crash
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28712.exe
        12⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
        13⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
        14⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 236
        14⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 236
        13⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 236
        12⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        11⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        10⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        9⤵
        Program crash
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13192.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
        10⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        11⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        13⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        13⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        12⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        11⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        11⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
        12⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 236
        11⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        7⤵
        Program crash
        
        PID:1560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        6⤵
        Program crash
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51791.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42959.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22734.exe
        11⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        12⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        13⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        14⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
        13⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        12⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        11⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        9⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20981.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        11⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        12⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10896 -s 216
        13⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 236
        12⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        11⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        9⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        8⤵
        Program crash
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        7⤵
        Program crash
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        8⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36135.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
        11⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        12⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45111.exe
        13⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
        13⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        12⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 236
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        9⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        10⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
        11⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2324.exe
        12⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
        12⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        11⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        10⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53683.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        11⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61717.exe
        12⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
        12⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        8⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        7⤵
        Program crash
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 220
        6⤵
        Program crash
        
        PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        10⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37971.exe
        11⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        12⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65245.exe
        13⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        14⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 236
        14⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        13⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        11⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39838.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
        12⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 216
        13⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        12⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        10⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        9⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11054.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38743.exe
        11⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        12⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        13⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
        13⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        12⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        11⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        10⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        9⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        8⤵
        Program crash
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
        7⤵
        Program crash
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        7⤵
        Executes dropped EXE
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44282.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18367.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30108.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        11⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        12⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 236
        12⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 236
        11⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 236
        10⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        9⤵
        
        PID:668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
        8⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
        7⤵
        Program crash
        
        PID:3120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        6⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49791.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        12⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
        12⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        9⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        8⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        10⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        11⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29237.exe
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        10⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        9⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        8⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        7⤵
        Program crash
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        6⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29799.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        9⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56418.exe
        10⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        11⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 236
        11⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        10⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 220
        9⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        8⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
        7⤵
        Program crash
        
        PID:3768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:1992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        5⤵
        Program crash
        
        PID:2616
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        9⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
        11⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-232.exe
        12⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
        13⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        14⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
        14⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        13⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        11⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        11⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20020.exe
        12⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        13⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 236
        13⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        12⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        11⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 220
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        12⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7171.exe
        13⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
        13⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
        11⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        9⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        8⤵
        Program crash
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4365.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23774.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26099.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        11⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62007.exe
        12⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        13⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        10⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        8⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 220
        7⤵
        Program crash
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24026.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        12⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        13⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        11⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        9⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        8⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-886.exe
        11⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe
        12⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        11⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        7⤵
        Program crash
        
        PID:3192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 220
        6⤵
        Program crash
        
        PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        10⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45069.exe
        11⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        12⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11805.exe
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 216
        12⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 236
        11⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31261.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        9⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        10⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        11⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 236
        10⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        9⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        7⤵
        
        PID:4364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
        6⤵
        Program crash
        
        PID:2272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        5⤵
        Program crash
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        7⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47043.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        11⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16891.exe
        12⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe
        13⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23093.exe
        7⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        10⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63424.exe
        11⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1224.exe
        12⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        11⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
        9⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        8⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        7⤵
        Program crash
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21064.exe
        6⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38875.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58823.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        9⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
        10⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        11⤵
        
        PID:10804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        12⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        9⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        8⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
        7⤵
        
        PID:4416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        6⤵
        Program crash
        
        PID:2436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 216
        5⤵
        Program crash
        
        PID:2432
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1720
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22539.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7821.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
        12⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17119.exe
        13⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        14⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16601.exe
        15⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        14⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        13⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        12⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        11⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        10⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33399.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40494.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        11⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
        12⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        13⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20358.exe
        14⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
        13⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
        12⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        9⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5538.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        13⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42807.exe
        14⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        13⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        12⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        11⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        10⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        9⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        8⤵
        Program crash
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25113.exe
        11⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        12⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        13⤵
        
        PID:10836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35926.exe
        14⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        13⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        12⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        9⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        8⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38740.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        11⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        12⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        13⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        14⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        13⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        12⤵
        
        PID:9632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        10⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        11⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        12⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        13⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        11⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        9⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53026.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
        11⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
        12⤵
        
        PID:12648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
        10⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        8⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
        7⤵
        Program crash
        
        PID:1856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42962.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
        11⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20119.exe
        12⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25396.exe
        10⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        11⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43352.exe
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        11⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        8⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21169.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15608.exe
        10⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62998.exe
        11⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        12⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        11⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        10⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58672.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        9⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        10⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        11⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        11⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        10⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        9⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        8⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 220
        7⤵
        
        PID:5056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        6⤵
        Program crash
        
        PID:2336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
        5⤵
        Program crash
        
        PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35834.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        11⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
        12⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 236
        13⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
        12⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
        9⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 216
        8⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18790.exe
        10⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51836.exe
        11⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        12⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        11⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 236
        10⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        10⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        11⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        12⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        8⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        7⤵
        Program crash
        
        PID:3312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        6⤵
        Program crash
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        7⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42295.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        9⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        10⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12142.exe
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 236
        11⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        9⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        8⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        7⤵
        
        PID:4436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        6⤵
        Program crash
        
        PID:1904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        5⤵
        Program crash
        
        PID:1780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18402.exe
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        11⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
        12⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        13⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
        13⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        12⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
        11⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42911.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21356.exe
        9⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
        10⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        11⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
        12⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 220
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62481.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34218.exe
        11⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        10⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        6⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25061.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        11⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 236
        12⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        11⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        9⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14282.exe
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2938.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        10⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        11⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        12⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
        11⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        10⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        9⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
        8⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 220
        7⤵
        
        PID:4560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        6⤵
        Program crash
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41847.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31561.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
        11⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
        12⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19519.exe
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
        10⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        10⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        9⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        8⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 220
        7⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25532.exe
        6⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62393.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44900.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3356.exe
        9⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 300
        10⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        9⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        8⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        7⤵
        
        PID:4760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
        6⤵
        Program crash
        
        PID:3128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        5⤵
        Program crash
        
        PID:2332
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
      4⤵
      Program crash
      PID:2636
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
  2⤵
  - Program crash
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe

Filesize
184KB

MD5
126e38655c66a4de1389be3b900431fa

SHA1
943548818166ea041e06c3941fd43558400c9044

SHA256
4574558dd87d7d14ad51ce45167c2f26c667eaabdfba5129d7380a4da95b01b9

SHA512
86f460d3d37c2dc3948164df5cd2ba42dd0d05ab23b6f8fb8e83a83595122de2dfae010b9e0909ed6e12575237701905c9580b6d3bf6354d778e18fdb4e2f8a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe

Filesize
184KB

MD5
6276d6940254eff15fc163e242e2c7c0

SHA1
a7fa298641c38808c8542d2fe61901f5be27a378

SHA256
083fbb4d8e262f22f674e71dfac87a48dd43f4af6011361339dd8f92d12ac8b0

SHA512
7de701b2e9adc8605f1162834496ec90cd798915050af66a5c5789d11b897c0d5dc9f59dd5e50252e38acd0d42d4e15831be9c1c89fcc6b0d782db2a7853787d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe

Filesize
184KB

MD5
de48c28a6de0c971d8d5d494305395a6

SHA1
769a2373ec2e73af620776ccc6b99cc66d2479d8

SHA256
ed3027c25dae03b7b89425831e6026e49efd549dfa9b46e31ec41697468ec549

SHA512
37158b6fa3b3ff1e45bcf48389ef897f682dc5c245f3c243bcadc8ab23d87ee96f55cf0e0ea67441675c3865273ec4852a3959c4415b82ec467596c5d27d3595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe

Filesize
184KB

MD5
7790caf3ffac8d2288b4e6cc77223257

SHA1
f1542c2fb4d43871d85200802d234f288921f34f

SHA256
2a06d622038743cc8943be188ba2cf4c2814ae159cc69cef30777064c3c95240

SHA512
8317368c36987871c247588a332c26cdb3de02d54e8a7f9789e59b94a565e90e5fd40a57b28ca94810be2b201f9861278209c76219e953bc8049430d2b51b9c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe

Filesize
184KB

MD5
748bd26f118c21489363f0c1d62a07f0

SHA1
c6c18ac03f8743eaf33ec2225f0da05668ffeb2d

SHA256
c6c9a6465d85b4e6558d6bfae6f3114025c441f44a50543c5a0ad0c217d7db87

SHA512
ccc1b76fec6efda862b4d4fc6d4863e6edf4d21e721de45ac37d20e3f81aa02d014b5d1133bbb52dec61dece003b98536faed9eaf4d0663c2213a228ffe30828

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe

Filesize
184KB

MD5
c64ed97c12d062487b4e27ee65823973

SHA1
37cfbfa0ce61272b5c484f4455506db6d87fe326

SHA256
a978347af7e2e7becdbb2f103e75ce809a11e06f76c2139639ea1bfb557e4d60

SHA512
3b563f2e3306924f131cc3a8129fcd1f9ec984ab97587a71712217dc4069323e42d9df50725abebf66704a4b43d782af76cd733b7a2038b65f143c06e2c659fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45303.exe

Filesize
184KB

MD5
6b3ef7b7df623ca40efc1a427717f05c

SHA1
510e3870525d521110e27f12c6f733a4af0f355a

SHA256
d519ce378a74d46883c4db56d1b58b1b146ecb38338d98e7b06912f21074a09e

SHA512
76842a4c4ee626d24bd150d92aa42cae94909e8e6920e3905e35dcc789d80884d6026b2566ad3e087cffd5c2f5e3939a567e8ef01ab817dddcf55da85a7d0c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49849.exe

Filesize
184KB

MD5
854643fcb00efe6010d1612c1508a122

SHA1
c9789173ac38424534b77e013047a23cb636834e

SHA256
ad587eecf845199e0a22eb0cde1e0ff54541d588f95fb4cd6bb2980ee10aeab8

SHA512
f064d9eca18c3a097c261a50b793232704780cf3d6240a43a872173e9c6d0741492910d360d18fee4f8a8aa830ee5fd12271220d393c63071b431b4494473c4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe

Filesize
184KB

MD5
c04f84d2b847b2709052557aab68a491

SHA1
57e19541cd9e80c27fc9d224de092efb2ff9db13

SHA256
8b8b40614687a3831dc6e149b1abb41ae76977b51960faceb38ac133f7410512

SHA512
4cff4d9f114bc76af6f433943240f8120dbbc62aa004fcfb57589f8e570ac02c1b7d83920512c8596139538247b9ae07db152bef172cbf278b17544e156178c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe

Filesize
184KB

MD5
8e10045900c2a01aebdaa56a0f635f58

SHA1
96cec39ce455a5e822b6d111a8142c1ecd250f78

SHA256
0c29f1fd08bb56b626ead55db88b6fc72c81dc0d567d0b67894e270c02379a03

SHA512
888830ca39bd94d8362d1620d91bb778d9683cb33b3ed02324cb36f1c6123631a2d92e2d3d21c94a061a2d5530acc61d0bca6b5baa1bc27f3daae345b98982af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe

Filesize
184KB

MD5
81d6393f0395dc4276b7ff15cf046dcf

SHA1
09f7e94577374424e0d7ed27b0f31768df9a8306

SHA256
5806ca635dd35a7899ce13589657b652a0df194fd12cf5a934bf647324758f72

SHA512
51f3282c87d86bc55db8e8869f1a1a96bd22dcb0ce670dce9c0f106cc6ae7f865217fcf19bdd8548d4ba58c26de1089cc54b999ea4be54525907e49c0e47dd73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe

Filesize
184KB

MD5
aa810ded5228d739a7b9a046ec5874d2

SHA1
fd7d5715160aceca60e648a3dae720f439192eef

SHA256
d6b40ca2fb6f02b1bad28111b3160c7a681093a0b2cd717bf43cd926e909fa87

SHA512
5956ea65f42ed03444144237b7c40cbee8e7cf2d9dcdbba01311f40455753ab08325c440d49c47951d098ef0fbd2725d20ef0f3d0aeb9efbf868d9c1efc47f23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe

Filesize
184KB

MD5
e0948c4e039b2aa54f94fe8fea4e5c21

SHA1
c995221fd55851c5958855a556f66555e4100abf

SHA256
59eecb7284ebe774252c2e0f304e0fc8e3ab9059b62ac6801dba34c4a2b1a96a

SHA512
587ea8a030fc91540e9a056d68b037adad1947c9e82686b2d5a4b8abda1f31de0a69d3abb661caae7632c8d8f4ddf2090d53b6c223898f3186e70907c52483c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe

Filesize
184KB

MD5
f848549f4e9b4a85c0de8941146e1640

SHA1
223b310e09e9a73cfd99ca78f0e55b9fd7da46b8

SHA256
f679767cfb9834581cc86f95681adf6d3124c284d4deda4847c543cb1287726e

SHA512
21a9ecddd536c00f109860d67d4e0e4e8de07f79cd91cecafbb34f90fb8f62b861d0520f81e0c60dd3025bb63380366695974820fbb610589b0206a522c1793b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe

Filesize
184KB

MD5
779e396b2e1786387205c441c5c4a857

SHA1
73433d76e48acb4ead71dfe36d3b35f6000ebde3

SHA256
cc5c7217b94bbaa5b4cf865c9ef0529b71d701ba488634b23f365f56c5f7ae96

SHA512
39acd96f12fcd010803ba39e1a0fac571588097241b8ae38f302ce049bbd25b5bde9083268935fbd5d96f9ad2e16a26dec16be2efa2cd6a1eea62d4329457c54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9895.exe

Filesize
184KB

MD5
874ae01adbe941da477b050ccbaa3209

SHA1
488074890eedc84c4b8098a09f80d21e7726950e

SHA256
e2751aa1b38f2b9f85e02ce94a90dfb116e4c08ef1f982ea4f9a8d1992a342d8

SHA512
8c8d20bed17f48cd62f42d7296d267e8fe3cdbc52b31761bb2eddc85999f8d76e61951273ba2ef307d4e63b50c34b9585d48cd54db62919e1a62670da81c2699

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe

Filesize
184KB

MD5
69c9175de4e445a1713f6e42db61072e

SHA1
a9b35539cee5734565c4e0b9583923b405b8bbe4

SHA256
30b8b42f29918d048975ec7b6fd03250464efd02e5d377f0c1a01049658655a9

SHA512
faf62a5eeffc537a4570d4b425116b1e7a59a7ea99a0b0a1f7e34bdc4e05211cea0b2f7184417c2d663cadfd655d040dc94fa6c8ba7fec5d0a201036a96801cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe

Filesize
184KB

MD5
2a6b83a35849643282e4a1c41b37446c

SHA1
62805da6ad4f84976ee8cf18c29c16de5f37d9cd

SHA256
b2a6dba662619fb43e231f5403d3493ec9afa3abe402efc3d753b61997ef0002

SHA512
550ba1794634c702728055305f2b1f849b06863bb64fd051a60a3b43306adec5a0e4cc193d35ed1a187cc0070b7645dac1fef0e2f77554418e9ccc44781a9b90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe

Filesize
184KB

MD5
f663e068ec19cc39d131df50e1001ebe

SHA1
220b5f031f18e28840aa2b212c0bcce8ece3bc39

SHA256
b17c75135dd34a5b136783540f55e130a8b7182d2cbe55f873e27ce6aa66ed46

SHA512
1e1c8d483a7eeb47098b31b7c20f53cbd48a978cee6cd6914ed20147c717785e142aadd2a190d30c69beafb486f0bea49948aec50288c095cfed5d43024f86cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe

Filesize
184KB

MD5
fbf7cc23e8963be130f4391b9128e3de

SHA1
c78c1416c09783e6df3bec46955ba6b19e14507b

SHA256
7d5c368c50a97392d6dd7a3e1eadfb14889a8b275dd9eec0fe81be60e18579e7

SHA512
2a5fafc7b8895ec32cd06394e3bf3374e7d9b513f343387365d08c6d80ec4a6a3197d0ed281aca95eabaf4621458ac91c626fae6a7c30a72cb836c15d4348e14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe

Filesize
184KB

MD5
91c5e59fbb61a7b83c436687b429a9fc

SHA1
27371f6af014c972551144e30df8ac908b73786b

SHA256
576cca2b1fcb9bda4d561fef26bf516c0de288f58a919b6525e02d544195dcb1

SHA512
9a07a9abcd93400883070118ac6932d5fd662f0f4f368c0ded8dfd2bc2315a70b1f43a1c9b8fdbed211116bcd23610393c265e9aa2d22ab8a20d909968b38c00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe

Filesize
184KB

MD5
c49b7da9ef5a7146241c09efb03fb629

SHA1
e422012acb1f6ab75734ff564a370c9637f79c30

SHA256
0f556a48b0cf2f6eae99a6db9aecfd5c96c911a13fdfcd1bd824c4a0fba213ee

SHA512
a491d5a4c54e8c29f31ceb72c023069cc000698258dfe8733fbebd198e0d7e604e36b68a95edf60f9113a2e798a238174f6bdf0625d6740034830fa8b089ac0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46093.exe

Filesize
184KB

MD5
9386be3f91c93504cbc84d061aafb480

SHA1
59781ca696ffa1506c81df6f8334d04742732704

SHA256
c70126a5931d732f3dae0a4fa82944b7d0eb873e500f31ad6cbf92236c6cb278

SHA512
f38548d9e8bb52390fbd4340f33e463d073c9b2088b3a2fd500f3e95618b732fe3e4464add8bb5c63789c29a020a8f4da392ed118d7e6fb8d28d9980245ef980

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5143.exe

Filesize
184KB

MD5
293511eadf3ce6a1bcdff1919e9e24cf

SHA1
cd5b47833c1608e88a9b9164aaadb01eb9356fc2

SHA256
11f4503800e6313d63ef8738de638ec38f6e3f18b8121db5f52e5dfb92d4a49e

SHA512
d68321ab6e7143035043dd9ad2a13b8eef82de96b08009f443474217553f3d670a93d4933557f477ec40c119fd1e40920ee1728d1e217b1d6eeaa6f659180438

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe

Filesize
184KB

MD5
31ef04479a6ce691040bfc9aff2ad87d

SHA1
909e4ca77b9992d3d110e13a991873d3e70c0ca4

SHA256
3504777236dbd9713ca42ef5b77037b8226a023b067493a940373b6e77c85211

SHA512
a2130f661d1739d205c4c3999c6841895e72f72475f267a27ba5ea7bc8e1d5f04f8cf8ed26e6fd67da01c01c1f1cf1ad4aa24a87d6f4599f02b8ed1904fe8637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe

Filesize
184KB

MD5
2d81a66dd5cb983e614a835c619b7021

SHA1
860e115daceeef06e619d8ce2b65a9f30e6c675a

SHA256
175ef6ac763dd8c74d64fc3cfec6835c50b8e3ccb46e39a6bde370f43a35a083

SHA512
369acb77ba994ae1f9df33777e73314ea9c5f35e8a40655a8aafdc350f0b450f14f8c369f204259922c3b8455cc7606ff1f1bfa4f3c7bcd023941f956d8b05c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe

Filesize
184KB

MD5
28d69b110e967284b217997d223b7a69

SHA1
99d3c3428b8ba5fe8ead8a1dd584d3e7a058dc05

SHA256
05b4b480c6d6487ce33aa6000e4ed629f62080f5d473d7be52f354f149e0ba02

SHA512
c32ce0ac8cec0147e56bcb7402c5bff8eaf365688a0ee738348bfe7244fa8119f50febf4373c929a0d4b30841f80403a2074eede8187a46818cfcb297f5a4a33

Download Submit