202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
Size

184KB
MD5

d0104561683fb58a9bc0647dfd3d0ea3
SHA1

9a464168043347b9de4b6fc3402d51204ce58da0
SHA256

202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054
SHA512

7e164b743e23fb2c68b95fd84a593494e21bb4bd4d5a5879b375f4c38bcd095bcb77c1bd5a514cfaf24c38f9c3896dfd89909383d995e2957d8feb8096e1914d
SSDEEP

3072:hKuu9goU7HWvdpjYefeB94+pImY+lsNVpHYrd5q6psKblnVOFb:hKaonVpj6Bi+pIv9ZublnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2620	Unicorn-55275.exe
2596	Unicorn-22650.exe
2556	Unicorn-53931.exe
2452	Unicorn-48306.exe
2568	Unicorn-28440.exe
2320	Unicorn-36054.exe
2860	Unicorn-44305.exe
2848	Unicorn-24439.exe
1808	Unicorn-13578.exe
864	Unicorn-46998.exe
1240	Unicorn-1326.exe
2060	Unicorn-54694.exe
2028	Unicorn-9577.exe
1876	Unicorn-40858.exe
332	Unicorn-44943.exe
692	Unicorn-29998.exe
1412	Unicorn-34082.exe
588	Unicorn-14216.exe
1720	Unicorn-64808.exe
2224	Unicorn-49624.exe
2388	Unicorn-64569.exe
956	Unicorn-57792.exe
3068	Unicorn-59115.exe
912	Unicorn-64590.exe
2124	Unicorn-33864.exe
2160	Unicorn-13998.exe
2300	Unicorn-21612.exe
1756	Unicorn-56422.exe
572	Unicorn-36556.exe
1440	Unicorn-5830.exe
2984	Unicorn-25203.exe
2548	Unicorn-25203.exe
2968	Unicorn-40147.exe
2192	Unicorn-21673.exe
2468	Unicorn-19713.exe
2876	Unicorn-34657.exe
2400	Unicorn-23797.exe
1636	Unicorn-8015.exe
2636	Unicorn-27881.exe
2844	Unicorn-42825.exe
1520	Unicorn-9406.exe
1628	Unicorn-44217.exe
288	Unicorn-28435.exe
2580	Unicorn-37995.exe
2296	Unicorn-7268.exe
1500	Unicorn-25743.exe
2260	Unicorn-40687.exe
2032	Unicorn-60553.exe
1260	Unicorn-12997.exe
544	Unicorn-49131.exe
604	Unicorn-38270.exe
2320	Unicorn-45047.exe
1576	Unicorn-15712.exe
472	Unicorn-15712.exe
2780	Unicorn-40216.exe
1956	Unicorn-55161.exe
2836	Unicorn-27964.exe
1952	Unicorn-42908.exe
2008	Unicorn-25826.exe
2512	Unicorn-60636.exe
2668	Unicorn-33994.exe
2404	Unicorn-33994.exe
2200	Unicorn-34548.exe
2460	Unicorn-23688.exe

Loads dropped DLL 64 IoCs

pid	Process
2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
2620	Unicorn-55275.exe
2620	Unicorn-55275.exe
2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
2620	Unicorn-55275.exe
2596	Unicorn-22650.exe
2596	Unicorn-22650.exe
2620	Unicorn-55275.exe
2556	Unicorn-53931.exe
2556	Unicorn-53931.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2596	Unicorn-22650.exe
2452	Unicorn-48306.exe
2596	Unicorn-22650.exe
2452	Unicorn-48306.exe
2568	Unicorn-28440.exe
2568	Unicorn-28440.exe
2320	Unicorn-36054.exe
2556	Unicorn-53931.exe
2556	Unicorn-53931.exe
2320	Unicorn-36054.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1276	WerFault.exe
1532	WerFault.exe
2848	Unicorn-24439.exe
2848	Unicorn-24439.exe
2860	Unicorn-44305.exe
2860	Unicorn-44305.exe
2452	Unicorn-48306.exe
2452	Unicorn-48306.exe
1240	Unicorn-1326.exe
1240	Unicorn-1326.exe
2320	Unicorn-36054.exe
2320	Unicorn-36054.exe
2568	Unicorn-28440.exe
864	Unicorn-46998.exe
2568	Unicorn-28440.exe
864	Unicorn-46998.exe
1808	Unicorn-13578.exe
1808	Unicorn-13578.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
2060	Unicorn-54694.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2440	2312	WerFault.exe	27
2632	2620	WerFault.exe	28
1276	2596	WerFault.exe	29
1532	2556	WerFault.exe	30
2832	2452	WerFault.exe	33
1684	2568	WerFault.exe	32
1540	2848	WerFault.exe	37
2752	2860	WerFault.exe	36
2588	1240	WerFault.exe	39
2660	1808	WerFault.exe	38
1036	864	WerFault.exe	40
2056	2060	WerFault.exe	43
1428	1876	WerFault.exe	45
1416	2028	WerFault.exe	44
1592	1412	WerFault.exe	49
2784	332	WerFault.exe	47
1072	1720	WerFault.exe	50
1984	692	WerFault.exe	46
1456	2876	WerFault.exe	74
1616	2388	WerFault.exe	54
2444	2224	WerFault.exe	53
896	956	WerFault.exe	55
1600	3068	WerFault.exe	56
1272	912	WerFault.exe	57
2592	2124	WerFault.exe	58
296	2160	WerFault.exe	59
2732	1440	WerFault.exe	63
1544	572	WerFault.exe	62
764	2300	WerFault.exe	60
1948	1756	WerFault.exe	61
2484	2984	WerFault.exe	66
1012	2548	WerFault.exe	67
924	2468	WerFault.exe	73
2340	2400	WerFault.exe	75
3228	1520	WerFault.exe	79
3264	1500	WerFault.exe	84
3296	2032	WerFault.exe	86
3308	2260	WerFault.exe	85
3404	2296	WerFault.exe	83
3432	1636	WerFault.exe	76
3440	1628	WerFault.exe	80
3456	2844	WerFault.exe	78
3564	2192	WerFault.exe	72
3676	2580	WerFault.exe	82
3700	2636	WerFault.exe	77
3716	288	WerFault.exe	81
3592	544	WerFault.exe	91
3836	1260	WerFault.exe	90
604	1576	WerFault.exe	98
3664	472	WerFault.exe	99
3760	1952	WerFault.exe	104
3840	2780	WerFault.exe	100
3880	2320	WerFault.exe	93
3920	2512	WerFault.exe	106
3956	2680	WerFault.exe	118
4056	2756	WerFault.exe	112
4092	2888	WerFault.exe	114
3136	2200	WerFault.exe	109
4024	2008	WerFault.exe	105
3624	2352	WerFault.exe	126
3572	704	WerFault.exe	127
4112	2328	WerFault.exe	130
4124	2284	WerFault.exe	129
4220	2424	WerFault.exe	132

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
2620	Unicorn-55275.exe
2596	Unicorn-22650.exe
2556	Unicorn-53931.exe
2452	Unicorn-48306.exe
2568	Unicorn-28440.exe
2320	Unicorn-36054.exe
2848	Unicorn-24439.exe
2860	Unicorn-44305.exe
1240	Unicorn-1326.exe
1808	Unicorn-13578.exe
864	Unicorn-46998.exe
2060	Unicorn-54694.exe
2028	Unicorn-9577.exe
1876	Unicorn-40858.exe
332	Unicorn-44943.exe
1720	Unicorn-64808.exe
1412	Unicorn-34082.exe
692	Unicorn-29998.exe
588	Unicorn-14216.exe
2388	Unicorn-64569.exe
2224	Unicorn-49624.exe
956	Unicorn-57792.exe
3068	Unicorn-59115.exe
912	Unicorn-64590.exe
2124	Unicorn-33864.exe
2160	Unicorn-13998.exe
2300	Unicorn-21612.exe
572	Unicorn-36556.exe
1756	Unicorn-56422.exe
1440	Unicorn-5830.exe
2984	Unicorn-25203.exe
2548	Unicorn-25203.exe
2968	Unicorn-40147.exe
2192	Unicorn-21673.exe
2468	Unicorn-19713.exe
2876	Unicorn-34657.exe
2400	Unicorn-23797.exe
1636	Unicorn-8015.exe
2636	Unicorn-27881.exe
2844	Unicorn-42825.exe
1520	Unicorn-9406.exe
1628	Unicorn-44217.exe
288	Unicorn-28435.exe
2580	Unicorn-37995.exe
1500	Unicorn-25743.exe
2296	Unicorn-7268.exe
2260	Unicorn-40687.exe
2032	Unicorn-60553.exe
1260	Unicorn-12997.exe
544	Unicorn-49131.exe
604	Unicorn-38270.exe
2320	Unicorn-45047.exe
1576	Unicorn-15712.exe
472	Unicorn-15712.exe
2780	Unicorn-40216.exe
1956	Unicorn-55161.exe
1952	Unicorn-42908.exe
2836	Unicorn-27964.exe
2008	Unicorn-25826.exe
2512	Unicorn-60636.exe
2668	Unicorn-33994.exe
2404	Unicorn-33994.exe
2200	Unicorn-34548.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2620	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	28
PID 2312 wrote to memory of 2620	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	28
PID 2312 wrote to memory of 2620	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	28
PID 2312 wrote to memory of 2620	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	28
PID 2620 wrote to memory of 2596	2620	Unicorn-55275.exe	29
PID 2620 wrote to memory of 2596	2620	Unicorn-55275.exe	29
PID 2620 wrote to memory of 2596	2620	Unicorn-55275.exe	29
PID 2620 wrote to memory of 2596	2620	Unicorn-55275.exe	29
PID 2312 wrote to memory of 2556	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	30
PID 2312 wrote to memory of 2556	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	30
PID 2312 wrote to memory of 2556	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	30
PID 2312 wrote to memory of 2556	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	30
PID 2312 wrote to memory of 2440	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	31
PID 2312 wrote to memory of 2440	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	31
PID 2312 wrote to memory of 2440	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	31
PID 2312 wrote to memory of 2440	2312	202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe	31
PID 2596 wrote to memory of 2452	2596	Unicorn-22650.exe	33
PID 2596 wrote to memory of 2452	2596	Unicorn-22650.exe	33
PID 2596 wrote to memory of 2452	2596	Unicorn-22650.exe	33
PID 2596 wrote to memory of 2452	2596	Unicorn-22650.exe	33
PID 2620 wrote to memory of 2568	2620	Unicorn-55275.exe	32
PID 2620 wrote to memory of 2568	2620	Unicorn-55275.exe	32
PID 2620 wrote to memory of 2568	2620	Unicorn-55275.exe	32
PID 2620 wrote to memory of 2568	2620	Unicorn-55275.exe	32
PID 2556 wrote to memory of 2320	2556	Unicorn-53931.exe	34
PID 2556 wrote to memory of 2320	2556	Unicorn-53931.exe	34
PID 2556 wrote to memory of 2320	2556	Unicorn-53931.exe	34
PID 2556 wrote to memory of 2320	2556	Unicorn-53931.exe	34
PID 2620 wrote to memory of 2632	2620	Unicorn-55275.exe	35
PID 2620 wrote to memory of 2632	2620	Unicorn-55275.exe	35
PID 2620 wrote to memory of 2632	2620	Unicorn-55275.exe	35
PID 2620 wrote to memory of 2632	2620	Unicorn-55275.exe	35
PID 2452 wrote to memory of 2860	2452	Unicorn-48306.exe	36
PID 2596 wrote to memory of 2848	2596	Unicorn-22650.exe	37
PID 2452 wrote to memory of 2860	2452	Unicorn-48306.exe	36
PID 2596 wrote to memory of 2848	2596	Unicorn-22650.exe	37
PID 2452 wrote to memory of 2860	2452	Unicorn-48306.exe	36
PID 2596 wrote to memory of 2848	2596	Unicorn-22650.exe	37
PID 2452 wrote to memory of 2860	2452	Unicorn-48306.exe	36
PID 2596 wrote to memory of 2848	2596	Unicorn-22650.exe	37
PID 2568 wrote to memory of 1808	2568	Unicorn-28440.exe	38
PID 2568 wrote to memory of 1808	2568	Unicorn-28440.exe	38
PID 2568 wrote to memory of 1808	2568	Unicorn-28440.exe	38
PID 2568 wrote to memory of 1808	2568	Unicorn-28440.exe	38
PID 2556 wrote to memory of 864	2556	Unicorn-53931.exe	40
PID 2556 wrote to memory of 864	2556	Unicorn-53931.exe	40
PID 2556 wrote to memory of 864	2556	Unicorn-53931.exe	40
PID 2556 wrote to memory of 864	2556	Unicorn-53931.exe	40
PID 2320 wrote to memory of 1240	2320	Unicorn-36054.exe	39
PID 2320 wrote to memory of 1240	2320	Unicorn-36054.exe	39
PID 2320 wrote to memory of 1240	2320	Unicorn-36054.exe	39
PID 2320 wrote to memory of 1240	2320	Unicorn-36054.exe	39
PID 2596 wrote to memory of 1276	2596	Unicorn-22650.exe	41
PID 2596 wrote to memory of 1276	2596	Unicorn-22650.exe	41
PID 2596 wrote to memory of 1276	2596	Unicorn-22650.exe	41
PID 2596 wrote to memory of 1276	2596	Unicorn-22650.exe	41
PID 2556 wrote to memory of 1532	2556	Unicorn-53931.exe	42
PID 2556 wrote to memory of 1532	2556	Unicorn-53931.exe	42
PID 2556 wrote to memory of 1532	2556	Unicorn-53931.exe	42
PID 2556 wrote to memory of 1532	2556	Unicorn-53931.exe	42
PID 2848 wrote to memory of 2060	2848	Unicorn-24439.exe	43
PID 2848 wrote to memory of 2060	2848	Unicorn-24439.exe	43
PID 2848 wrote to memory of 2060	2848	Unicorn-24439.exe	43
PID 2848 wrote to memory of 2060	2848	Unicorn-24439.exe	43

C:\Users\Admin\AppData\Local\Temp\202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe
"C:\Users\Admin\AppData\Local\Temp\202e3cf7c7721f296315aa0f28ec73d78e9459420478315a36cfae34f0c72054.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21673.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52032.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47668.exe
        11⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        12⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        13⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        14⤵
        
        PID:13484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
        14⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
        13⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        12⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        11⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        10⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        9⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54362.exe
        9⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28312.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54129.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
        13⤵
        
        PID:11936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        14⤵
        
        PID:13856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 220
        13⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        Program crash
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        7⤵
        Program crash
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        11⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55940.exe
        12⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        13⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
        14⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30718.exe
        15⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 220
        14⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        13⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        12⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        11⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2276.exe
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        12⤵
        
        PID:9644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5590.exe
        13⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        14⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
        13⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        12⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        11⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33325.exe
        12⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        13⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        14⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        8⤵
        Program crash
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57850.exe
        12⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 216
        13⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        12⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        9⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        Program crash
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        7⤵
        Program crash
        
        PID:1600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        6⤵
        Program crash
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48057.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        12⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15671.exe
        13⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        14⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        15⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11280 -s 216
        15⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 236
        14⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        13⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
        12⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        11⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43968.exe
        11⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 200
        12⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        11⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        9⤵
        Program crash
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11108.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        11⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
        12⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        13⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        14⤵
        
        PID:13696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 236
        14⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        13⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        12⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        9⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        8⤵
        Program crash
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21649.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        13⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        14⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
        13⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
        12⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        11⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 188
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 220
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        7⤵
        Program crash
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:1456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        6⤵
        Program crash
        
        PID:1428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
        10⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        11⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        13⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
        14⤵
        
        PID:11528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37547.exe
        15⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11528 -s 216
        15⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        14⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        13⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 216
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38772.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
        11⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        12⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
        13⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        14⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11640 -s 216
        14⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
        13⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        12⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        11⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        10⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17793.exe
        11⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        12⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
        13⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26639.exe
        14⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11860 -s 216
        14⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        13⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        12⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        10⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        9⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54367.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        11⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
        12⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        13⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
        14⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11832 -s 220
        14⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        13⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        12⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        11⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
        10⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        9⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        8⤵
        Program crash
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47590.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        10⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
        11⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        12⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
        13⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        14⤵
        
        PID:14024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11892 -s 220
        14⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 236
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 236
        12⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        9⤵
        Program crash
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        11⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56262.exe
        12⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        13⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11572 -s 216
        13⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 236
        12⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        11⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 220
        8⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        7⤵
        Program crash
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15712.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        11⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51991.exe
        12⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        13⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
        14⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        13⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        12⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        9⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        10⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
        11⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        12⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50178.exe
        13⤵
        
        PID:14228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 220
        11⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        8⤵
        
        PID:4760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        6⤵
        Program crash
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59842.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        11⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        12⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        13⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
        14⤵
        
        PID:14068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11600 -s 216
        14⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        13⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        12⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        10⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
        9⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
        11⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        12⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        13⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11684 -s 216
        13⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
        12⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28488.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        11⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        12⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
        13⤵
        
        PID:13904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11736 -s 216
        13⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        11⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        10⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        9⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
        8⤵
        Program crash
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 220
        7⤵
        Program crash
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59022.exe
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        10⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        11⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        12⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29654.exe
        13⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        12⤵
        
        PID:12380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 236
        11⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        9⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        8⤵
        Program crash
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19447.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        10⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        11⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        12⤵
        
        PID:13728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
        11⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        10⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
        8⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        7⤵
        Program crash
        
        PID:3880
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
        6⤵
        Program crash
        
        PID:1616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:1540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32811.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11207.exe
        11⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        12⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        13⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        14⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
        13⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        12⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58685.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48794.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        11⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        12⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        13⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11772 -s 236
        13⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
        12⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        11⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        8⤵
        Program crash
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30054.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        9⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        11⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        12⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        13⤵
        
        PID:14084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
        12⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        11⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        10⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        6⤵
        Program crash
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18125.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        10⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 220
        11⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        9⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        10⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14274.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26565.exe
        12⤵
        
        PID:12556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34885.exe
        13⤵
        
        PID:13680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        12⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        11⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
        10⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
        12⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        13⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
        12⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        11⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 236
        10⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        8⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54969.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
        7⤵
        
        PID:1860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
        8⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        7⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        10⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13758.exe
        11⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33048.exe
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        11⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        10⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        9⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        8⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        
        PID:4664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
        6⤵
        Program crash
        
        PID:2732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        5⤵
        Program crash
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46246.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        11⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14850.exe
        12⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        13⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        14⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        13⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
        12⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
        10⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        11⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58792.exe
        12⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9529.exe
        13⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        12⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 236
        11⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        10⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        9⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 220
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
        8⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        Program crash
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61191.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        10⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        11⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46099.exe
        12⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11436 -s 216
        12⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        10⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        8⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
        7⤵
        Program crash
        
        PID:4092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        6⤵
        Program crash
        
        PID:764
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9209.exe
        12⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        13⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        14⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11804 -s 216
        14⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        13⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        12⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23806.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
        11⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        12⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
        13⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        14⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        13⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        12⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        11⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        9⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        8⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        12⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        13⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        14⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
        13⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        11⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        12⤵
        
        PID:12780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        13⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
        12⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        11⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        8⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        7⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26158.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        11⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        12⤵
        
        PID:12228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        13⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12228 -s 236
        13⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
        12⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        8⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        7⤵
        Program crash
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38545.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        11⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        12⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14059.exe
        13⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
        14⤵
        
        PID:14168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        13⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 220
        12⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55026.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58514.exe
        11⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        12⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        13⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11852 -s 216
        13⤵
        
        PID:14048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
        12⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        7⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
        10⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        11⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
        12⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11400 -s 236
        12⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        10⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        9⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50885.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44767.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63480.exe
        10⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        11⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9067.exe
        12⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
        12⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 236
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        10⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
        8⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        7⤵
        Program crash
        
        PID:3956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        6⤵
        Program crash
        
        PID:1544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        5⤵
        Program crash
        
        PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        7⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58965.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47393.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8109.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        12⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22228.exe
        13⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
        14⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        13⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        11⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36551.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        9⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        10⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
        11⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
        12⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        13⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
        11⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        12⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        13⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11912 -s 216
        13⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        12⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        9⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        8⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        7⤵
        Program crash
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        6⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18551.exe
        11⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        12⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
        13⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11888 -s 236
        13⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        12⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        9⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3879.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        9⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        10⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
        11⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62923.exe
        12⤵
        
        PID:13912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        11⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 220
        10⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        9⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        8⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
        7⤵
        
        PID:4336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        7⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
        10⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
        11⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26120.exe
        12⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13338.exe
        13⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
        12⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        11⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 216
        8⤵
        
        PID:5092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        7⤵
        Program crash
        
        PID:4056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45322.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        9⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        10⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        11⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11468 -s 216
        11⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        9⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        8⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        7⤵
        
        PID:5972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
        6⤵
        Program crash
        
        PID:3716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        5⤵
        Program crash
        
        PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34082.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
        12⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
        13⤵
        
        PID:12220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18082.exe
        14⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        13⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        12⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        10⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30412.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        11⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        12⤵
        
        PID:12700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38777.exe
        13⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 220
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        11⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-205.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        8⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        11⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        12⤵
        
        PID:13668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11392 -s 216
        12⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
        11⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        10⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        9⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        8⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        7⤵
        Program crash
        
        PID:3700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        6⤵
        Program crash
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26293.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19360.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12473.exe
        9⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        10⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
        11⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        12⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        12⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        11⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        10⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        8⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        7⤵
        Program crash
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18172.exe
        9⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        10⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        11⤵
        
        PID:13512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11272 -s 216
        11⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 236
        10⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        9⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        8⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
        7⤵
        
        PID:5116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        6⤵
        Program crash
        
        PID:3456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        5⤵
        Program crash
        
        PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65187.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29666.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5504.exe
        11⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        12⤵
        
        PID:12328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54070.exe
        13⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
        11⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        10⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        9⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38388.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        8⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16143.exe
        9⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
        10⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        11⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
        11⤵
        
        PID:13604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 236
        10⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
        9⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        8⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51648.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 188
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 236
        9⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        8⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        7⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        6⤵
        Program crash
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34548.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        7⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16807.exe
        8⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65146.exe
        9⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        10⤵
        
        PID:11416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        11⤵
        
        PID:13640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11416 -s 236
        11⤵
        
        PID:14136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 236
        10⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
        9⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        8⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        7⤵
        
        PID:5452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
        6⤵
        Program crash
        
        PID:3136
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        5⤵
        Program crash
        
        PID:296
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
      4⤵
      Program crash
      PID:1036
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
  2⤵
  - Program crash
  PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe

Filesize
184KB

MD5
8d94984e9822fac39ff8a78e7e1e66f5

SHA1
a95254da61c5e853de14a45fec1356ee9f62befb

SHA256
e2427434884ffc057330c2654a82c28ca3ffd915eb6b530bf0be3070e598ece4

SHA512
d201524d31c3a2b33cb4bab53beb81e158e71cff18f5d2783bda24fc6d34e1ceea8de12f72ac1f871f70d21b65a43dc739ea0aa543dfbb2534a92f254ada8d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe

Filesize
184KB

MD5
dfaf2ea8aa0fd485e1aeae12c625c394

SHA1
7252c2526a4ebc8c37318bc7e7770fd1fc2830df

SHA256
b9bdc852c88c08416cbb963d69aa333e4e47a2d3e6602ceff45857c06086f3ec

SHA512
c11f0bd30e7ea3d947869bd0201b39b193f43f6754e6d37218263581514de771832d9ddeb30e86044e57637efcfbc7bfe35ea8ba404f1f6fb0e8ff5f90d142f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe

Filesize
184KB

MD5
0161aa2554a99e6d9faf1960038d3ca7

SHA1
ea88cd9084cf7808ef25b88a13ed93969e922e3e

SHA256
73750d9046ec49ac3b84c0b966721617ded5877e9765812842122aee4f6ea864

SHA512
700b029074847668c07f7fe39838aad1b0d92ecb6d04dbc1b747e07168815940ac911c3cabb9f239fa6e60b3d31edd33c694fbdee38d004ae36073b062de6ab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40687.exe

Filesize
184KB

MD5
af5d5c31a64a479f2d0630a05f72bc69

SHA1
4078d207c3799e800a0210dc1b55a1afbb16f680

SHA256
ffaab291ec99d6b2869c02ccea4732640aa7ba2c7b70e73d8175d73fad3b27ca

SHA512
753b8dc7702714c3488b3830dcb42795d680eee417a2119e2a96ca3a10e881e58ab402d7e5a57d0253c33756236d64a5386dd792bde14cb29073fa81f3f06833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe

Filesize
184KB

MD5
ad64ee45739af76a2edf321702b7b8d6

SHA1
b3cb10c48cf1a92ce4ea186595f3d9526dc9c4b7

SHA256
08ec219deed36b16c32bf1f01de4b03d2e4d9ad2b1d4d665fff7436a4443157d

SHA512
2f7521a648ecf5bc53d1701782cfbc67385f976626e04a4dc21a8d5b16be5e8f1b93ae1854601fe3e6451ec7e4d27c004e23efc6fb507952a364ad801224181c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5545.exe

Filesize
184KB

MD5
8b9cfae06d291997d65789ddcc696ba0

SHA1
8091c09e50b3fb865e2b0bbf435aef35b31c38b8

SHA256
a5625dfad1272074bb6398af9df84e72b99882e80ab8ae06281889ba799f6b63

SHA512
1d68e6d9545380cd66a1c1f48aa6beff515eb9b12724be3edefd56e35be0ccf24e6e83954587258cd0a6e83eb808e9c5457844dd420a9b8e81fb36c9c3c5e050

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe

Filesize
184KB

MD5
57cb4505b67cca91571a01774d1139ef

SHA1
21db4e9f7e9989abc1f041cff26bfaebe9f3b403

SHA256
13385fd929906e473462363ef7ada8c9845f4bab25988be0084ed3a9000fccc9

SHA512
f9b92f740602b0d3ffe2091bd17a95899f1b462390ad8f531d08579326fd65d2cc4150d9598caae91e716d70ff117a53fffab2a092766eb550caf3b4a17283f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe

Filesize
184KB

MD5
a21d9846489f305039cd7132a2ddc23b

SHA1
3671f1ff492e8db2d248583bb523c5a83588c648

SHA256
c29df5b939b0f0399e34b51e7a841aee70e7155c1217c930487d3b19a94a5745

SHA512
e767123448542be39fcea9be1601b04f1aee816cf3a03f6a1809c934e6ffd5fd30646a55b8c004d42e7ee7f970d4a4975f6b89c929906259b609bfdb789bccc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22650.exe

Filesize
184KB

MD5
9f355c730882b4746fdc35cfe07a8ea5

SHA1
baaf45c8e885b1e993a5c949c1941fff81b6ea74

SHA256
987855990282ad307336d37d0ca112df7f800e5ada63747e9a4927e4a5649b45

SHA512
01551122263f4cfba3117be96bab2e090bdfb5c27a23b1588e6c1d269260e982770a38db8087757c3b1eb79787f60668bc175a64ce20f7bafa4f4e9441da0824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe

Filesize
184KB

MD5
4126cf293f75f6f22023bd47d1d9f497

SHA1
4cd2006ef39ef68d954dbaef3fc1bcf8f59d8c7d

SHA256
99dd68e97e6a1c4d785ad48c9c804ad1c9c1eb5527c10e7c8c5f6a39830f545e

SHA512
8442c74a58651db5c4d4006b5ffada63714ddf04b6c04581bd320206988f1a4d3dc36bb1b38d156039b36445a9d5c42dbaa89ba528c8676c3ad88aa15c61bced

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28440.exe

Filesize
184KB

MD5
4c45784089f63b8049b6fad015f85400

SHA1
56615bd1b400246346a5861af65afe867bb845b1

SHA256
ec932370a9a8287b4cf12e5efed153287ee5542f6d09b43066e5d8816e3b3a8d

SHA512
064ba9fcf5df13100aa48d0c66b0df2338fa62490956e41f1cd2ba4dd585035afaa6b30ae1c7c14c87cf62d21311679b56a3f989547f8a26863cdeccdda0196b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe

Filesize
184KB

MD5
a83fe40d0b4f98c0c42c264d63e408e5

SHA1
bc73995b337b37f73471a3a44314e3feba4b7bc6

SHA256
4416a2e4270d2a97079cff2d32dac64cea0c7721b8ca70331ed9780c38df365b

SHA512
16dfb1d5d33eadeeaf303c4435a4b9a9cacd82c0c2fc65978642cf4c0394a13c48e04d664513ef0bc9ff0e1642cb6126916084f74b3e4a8d7631ecaf36779ac9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe

Filesize
184KB

MD5
3b8aa5e2a0d57901bcedbae9b2e0e12c

SHA1
0dcaec6e7bc9ba23f2be9b85c42f30bf7b1d700d

SHA256
a488eaee88617b2eb8bef8bd4ee1fcb92b372b0a529b2256820e554d7655e45a

SHA512
290fccdce7f51384eeb392ac641c18dd49ca704f9256d44dec52353fe682b83d1dc3715c355ba26b335d6889db9753fd0e13c7f567accf07440debf9086ee578

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44305.exe

Filesize
184KB

MD5
893e98601ced8c86e45f29c04959153f

SHA1
0757bb00e7db53f36f0a8ff5719ce22832d19aed

SHA256
6fae2d7f5e2bceb2556ef707b364d7667e37261bb5adcde63e8eb505a4c06991

SHA512
b8f7ac0ad211ae96c73680aff6466db4fdda787f954c94f4305d645e97755b415f87f893f05adee9010ca5f0b7f50cd0544bb1f1ff4efe594707670da9b7bd4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48306.exe

Filesize
184KB

MD5
2bc83b17badc51d07bf550041fb4707c

SHA1
2fd2c512de287863120ae12b9f9a51c5d0cc96a1

SHA256
dc41993d22cee68b55a454ae1f477df6076e55fab81f40fe062531becff79076

SHA512
786c73a71086c62933395abc278fc742ec734d571b909ea2c845e2e84ceb3e06cc6ae743159c237ec15b7168204bb3084c3507bfb080b9d04103b0c6c45eaeff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe

Filesize
184KB

MD5
5f68494c3ddb84eb7720aaeb0408e281

SHA1
646e6249811661c6db7099a0cd430bfc2a9d5945

SHA256
61e16e98a8a7797a022218dd835b9980f4c30cf41a039d487b8a520068679a44

SHA512
4dd0e340c5c0a8d954b1d7fc21a1e945315e62549efc197c3413c483719d15a080fbef0c6c357947a4eef28cfdcf26f0ae331f8ebb79e87663e62ad6ac571eb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe

Filesize
184KB

MD5
b2536b078c31944442fa98968a5073a0

SHA1
1ee65d119556cb8a311ace82e3cdee523708115e

SHA256
8d0939648909e382fe7a4f02fac8b1678d7dd1568b0931e352d01c3521848a13

SHA512
2061f619c1b279223582d6b7a8e0171197b3631b0aa86216504263153a4a1835a7cb9bba264697d0add985d4f779f7bf6288e70ee9d8dda629d23b4c7045da5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe

Filesize
184KB

MD5
8fc50f59d1222c1901db629ebc579108

SHA1
62151560a9c677f1ed0675b2f2148e665e6239ab

SHA256
13d614a799568b664d3bf7c9abe62b129bb3cd2df124b07b28a21d3c50d7f134

SHA512
24312985598a51d525a603b424d1ee4d63f4ad7c66f41120ebb267709d4e7497c9ff7965966a6b7cf67607cd610aa9bf18ed666cba030e0a80d83d74f3f51224

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe

Filesize
184KB

MD5
d3a108a48965e71bba05cc45c5f633f9

SHA1
a4d93399623eebec76629d9f8970f46bdcb98ec5

SHA256
16b97776b14a9fd624e78aedbec3c026b718abdfccfb7c2ee6d12e876658b8e5

SHA512
c36ff0e3c06595cb4647cf07be84ea9ae9baea9d32dc120e5287aba8ea89b7d3dbf975ca14ad519d24b190b02154dec7631704edaf9ce476c4c49a9d52d963df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads