476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
Size

184KB
MD5

4f10e33115b4fd695b888b03b9cfa591
SHA1

cb718cb618e61c432ab434d65e1b107c7f2d7c28
SHA256

476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd
SHA512

2a563b39dba8abd3f72a96ca9eec05983ae22c81f5fe83e2f847e8e77b4ecd5ba5b7c9594e569e22317adc295c75f7a965fa5cf6c23222d9e7b5023772ccc419
SSDEEP

3072:WA5+oOmpBzdVjweg0LpxWjIKvZUYtKA+wIO5fgayEhlnVW:WnoxpVjhLPWjI9/S/hlnVW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-51036.exeUnicorn-9017.exeUnicorn-37283.exeUnicorn-19371.exeUnicorn-34315.exeUnicorn-50097.exeUnicorn-51503.exeUnicorn-8524.exeUnicorn-59116.exeUnicorn-59116.exeUnicorn-5831.exeUnicorn-62214.exeUnicorn-54601.exeUnicorn-35572.exeUnicorn-11067.exeUnicorn-3454.exeUnicorn-3454.exeUnicorn-23320.exeUnicorn-40485.exeUnicorn-56075.exeUnicorn-11705.exeUnicorn-15042.exeUnicorn-56630.exeUnicorn-10958.exeUnicorn-45769.exeUnicorn-23211.exeUnicorn-23211.exeUnicorn-64798.exeUnicorn-34071.exeUnicorn-21540.exeUnicorn-39822.exeUnicorn-30262.exeUnicorn-58296.exeUnicorn-41768.exeUnicorn-56713.exeUnicorn-56713.exeUnicorn-9671.exeUnicorn-51259.exeUnicorn-40398.exeUnicorn-30838.exeUnicorn-19978.exeUnicorn-46620.exeUnicorn-58872.exeUnicorn-8280.exeUnicorn-54788.exeUnicorn-34176.exeUnicorn-49121.exeUnicorn-43630.exeUnicorn-63496.exeUnicorn-43076.exeUnicorn-2598.exeUnicorn-18380.exeUnicorn-30632.exeUnicorn-45577.exeUnicorn-14295.exeUnicorn-29240.exeUnicorn-10211.exeUnicorn-25178.exeUnicorn-11856.exeUnicorn-10465.exeUnicorn-42391.exeUnicorn-17887.exeUnicorn-10273.exeUnicorn-30139.exe

pid	process
2564	Unicorn-51036.exe
2684	Unicorn-9017.exe
2596	Unicorn-37283.exe
2772	Unicorn-19371.exe
2472	Unicorn-34315.exe
2640	Unicorn-50097.exe
748	Unicorn-51503.exe
2540	Unicorn-8524.exe
1500	Unicorn-59116.exe
1032	Unicorn-59116.exe
1028	Unicorn-5831.exe
2000	Unicorn-62214.exe
2916	Unicorn-54601.exe
2212	Unicorn-35572.exe
2216	Unicorn-11067.exe
664	Unicorn-3454.exe
776	Unicorn-3454.exe
712	Unicorn-23320.exe
408	Unicorn-40485.exe
3048	Unicorn-56075.exe
1700	Unicorn-11705.exe
1464	Unicorn-15042.exe
236	Unicorn-56630.exe
900	Unicorn-10958.exe
908	Unicorn-45769.exe
2220	Unicorn-23211.exe
2424	Unicorn-23211.exe
2256	Unicorn-64798.exe
988	Unicorn-34071.exe
1528	Unicorn-21540.exe
2140	Unicorn-39822.exe
2088	Unicorn-30262.exe
2624	Unicorn-58296.exe
2844	Unicorn-41768.exe
2516	Unicorn-56713.exe
2608	Unicorn-56713.exe
2536	Unicorn-9671.exe
2928	Unicorn-51259.exe
2932	Unicorn-40398.exe
2192	Unicorn-30838.exe
864	Unicorn-19978.exe
1584	Unicorn-46620.exe
1448	Unicorn-58872.exe
1356	Unicorn-8280.exe
2384	Unicorn-54788.exe
752	Unicorn-34176.exe
2164	Unicorn-49121.exe
1832	Unicorn-43630.exe
1156	Unicorn-63496.exe
784	Unicorn-43076.exe
584	Unicorn-2598.exe
876	Unicorn-18380.exe
2876	Unicorn-30632.exe
1288	Unicorn-45577.exe
1852	Unicorn-14295.exe
2180	Unicorn-29240.exe
1664	Unicorn-10211.exe
2736	Unicorn-25178.exe
1208	Unicorn-11856.exe
2668	Unicorn-10465.exe
2660	Unicorn-42391.exe
2500	Unicorn-17887.exe
2936	Unicorn-10273.exe
2156	Unicorn-30139.exe

Loads dropped DLL 64 IoCs

Processes:

476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exeUnicorn-51036.exeUnicorn-9017.exeUnicorn-37283.exeWerFault.exeUnicorn-19371.exeUnicorn-34315.exeUnicorn-50097.exeWerFault.exeWerFault.exeUnicorn-59116.exeUnicorn-8524.exeUnicorn-59116.exeUnicorn-51503.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-5831.exeUnicorn-62214.exeUnicorn-11067.exe

pid	process
2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
2564	Unicorn-51036.exe
2564	Unicorn-51036.exe
2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
2684	Unicorn-9017.exe
2684	Unicorn-9017.exe
2564	Unicorn-51036.exe
2564	Unicorn-51036.exe
2596	Unicorn-37283.exe
2596	Unicorn-37283.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
2772	Unicorn-19371.exe
2472	Unicorn-34315.exe
2684	Unicorn-9017.exe
2596	Unicorn-37283.exe
2640	Unicorn-50097.exe
2684	Unicorn-9017.exe
2596	Unicorn-37283.exe
2472	Unicorn-34315.exe
2640	Unicorn-50097.exe
2772	Unicorn-19371.exe
1744	WerFault.exe
1744	WerFault.exe
1744	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
1032	Unicorn-59116.exe
1032	Unicorn-59116.exe
2772	Unicorn-19371.exe
2772	Unicorn-19371.exe
2540	Unicorn-8524.exe
2540	Unicorn-8524.exe
1500	Unicorn-59116.exe
1500	Unicorn-59116.exe
2472	Unicorn-34315.exe
2640	Unicorn-50097.exe
2472	Unicorn-34315.exe
2640	Unicorn-50097.exe
748	Unicorn-51503.exe
748	Unicorn-51503.exe
1748	WerFault.exe
1748	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1748	WerFault.exe
1140	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
1028	Unicorn-5831.exe
1028	Unicorn-5831.exe
2000	Unicorn-62214.exe
2000	Unicorn-62214.exe
1032	Unicorn-59116.exe
1032	Unicorn-59116.exe
2216	Unicorn-11067.exe
2216	Unicorn-11067.exe
1500	Unicorn-59116.exe
1500	Unicorn-59116.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2572	2252	WerFault.exe	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
1552	2564	WerFault.exe	Unicorn-51036.exe
1744	2684	WerFault.exe	Unicorn-9017.exe
316	2596	WerFault.exe	Unicorn-37283.exe
1140	2472	WerFault.exe	Unicorn-34315.exe
1748	2772	WerFault.exe	Unicorn-19371.exe
2316	2640	WerFault.exe	Unicorn-50097.exe
3052	1032	WerFault.exe	Unicorn-59116.exe
1424	2540	WerFault.exe	Unicorn-8524.exe
2148	1500	WerFault.exe	Unicorn-59116.exe
2964	1028	WerFault.exe	Unicorn-5831.exe
1532	748	WerFault.exe	Unicorn-51503.exe
2800	2000	WerFault.exe	Unicorn-62214.exe
1408	2216	WerFault.exe	Unicorn-11067.exe
560	664	WerFault.exe	Unicorn-3454.exe
1488	776	WerFault.exe	Unicorn-3454.exe
3040	2916	WerFault.exe	Unicorn-54601.exe
1136	712	WerFault.exe	Unicorn-23320.exe
832	2212	WerFault.exe	Unicorn-35572.exe
2432	408	WerFault.exe	Unicorn-40485.exe
780	3048	WerFault.exe	Unicorn-56075.exe
956	1700	WerFault.exe	Unicorn-11705.exe
2740	1464	WerFault.exe	Unicorn-15042.exe
2412	908	WerFault.exe	Unicorn-45769.exe
2476	900	WerFault.exe	Unicorn-10958.exe
2620	236	WerFault.exe	Unicorn-56630.exe
2692	2256	WerFault.exe	Unicorn-64798.exe
2544	2220	WerFault.exe	Unicorn-23211.exe
1572	988	WerFault.exe	Unicorn-34071.exe
1648	2424	WerFault.exe	Unicorn-23211.exe
1276	1528	WerFault.exe	Unicorn-21540.exe
1212	2140	WerFault.exe	Unicorn-39822.exe
2576	2608	WerFault.exe	Unicorn-56713.exe
3296	1356	WerFault.exe	Unicorn-8280.exe
3328	2384	WerFault.exe	Unicorn-54788.exe
3360	752	WerFault.exe	Unicorn-34176.exe
3384	2844	WerFault.exe	Unicorn-41768.exe
3464	2516	WerFault.exe	Unicorn-56713.exe
3708	1584	WerFault.exe	Unicorn-46620.exe
3716	2932	WerFault.exe	Unicorn-40398.exe
3732	2164	WerFault.exe	Unicorn-49121.exe
3748	2928	WerFault.exe	Unicorn-51259.exe
3772	1832	WerFault.exe	Unicorn-43630.exe
3764	2088	WerFault.exe	Unicorn-30262.exe
3796	1156	WerFault.exe	Unicorn-63496.exe
3852	784	WerFault.exe	Unicorn-43076.exe
3944	864	WerFault.exe	Unicorn-19978.exe
3964	2536	WerFault.exe	Unicorn-9671.exe
3440	2624	WerFault.exe	Unicorn-58296.exe
3540	2192	WerFault.exe	Unicorn-30838.exe
3580	328	WerFault.exe	Unicorn-13610.exe
3656	1852	WerFault.exe	Unicorn-14295.exe
3740	2812	WerFault.exe	Unicorn-24471.exe
3920	2156	WerFault.exe	Unicorn-30139.exe
3952	1924	WerFault.exe	Unicorn-24471.exe
1448	2668	WerFault.exe	Unicorn-10465.exe
3092	584	WerFault.exe	Unicorn-2598.exe
3116	2368	WerFault.exe	Unicorn-59282.exe
3128	2180	WerFault.exe	Unicorn-29240.exe
3160	2876	WerFault.exe	Unicorn-30632.exe
3172	1288	WerFault.exe	Unicorn-45577.exe
3216	2736	WerFault.exe	Unicorn-25178.exe
3272	876	WerFault.exe	Unicorn-18380.exe
3432	2184	WerFault.exe	Unicorn-1358.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exeUnicorn-51036.exeUnicorn-9017.exeUnicorn-37283.exeUnicorn-34315.exeUnicorn-19371.exeUnicorn-50097.exeUnicorn-51503.exeUnicorn-59116.exeUnicorn-59116.exeUnicorn-5831.exeUnicorn-8524.exeUnicorn-62214.exeUnicorn-54601.exeUnicorn-11067.exeUnicorn-3454.exeUnicorn-35572.exeUnicorn-3454.exeUnicorn-23320.exeUnicorn-40485.exeUnicorn-56075.exeUnicorn-11705.exeUnicorn-15042.exeUnicorn-56630.exeUnicorn-45769.exeUnicorn-10958.exeUnicorn-23211.exeUnicorn-64798.exeUnicorn-34071.exeUnicorn-23211.exeUnicorn-21540.exeUnicorn-39822.exeUnicorn-30262.exeUnicorn-58296.exeUnicorn-41768.exeUnicorn-56713.exeUnicorn-56713.exeUnicorn-9671.exeUnicorn-51259.exeUnicorn-40398.exeUnicorn-30838.exeUnicorn-46620.exeUnicorn-19978.exeUnicorn-8280.exeUnicorn-58872.exeUnicorn-54788.exeUnicorn-34176.exeUnicorn-49121.exeUnicorn-63496.exeUnicorn-43630.exeUnicorn-43076.exeUnicorn-2598.exeUnicorn-18380.exeUnicorn-45577.exeUnicorn-30632.exeUnicorn-14295.exeUnicorn-29240.exeUnicorn-10211.exeUnicorn-25178.exeUnicorn-11856.exeUnicorn-10465.exeUnicorn-42391.exeUnicorn-17887.exeUnicorn-10273.exe

pid	process
2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
2564	Unicorn-51036.exe
2684	Unicorn-9017.exe
2596	Unicorn-37283.exe
2472	Unicorn-34315.exe
2772	Unicorn-19371.exe
2640	Unicorn-50097.exe
748	Unicorn-51503.exe
1032	Unicorn-59116.exe
1500	Unicorn-59116.exe
1028	Unicorn-5831.exe
2540	Unicorn-8524.exe
2000	Unicorn-62214.exe
2916	Unicorn-54601.exe
2216	Unicorn-11067.exe
776	Unicorn-3454.exe
2212	Unicorn-35572.exe
664	Unicorn-3454.exe
712	Unicorn-23320.exe
408	Unicorn-40485.exe
3048	Unicorn-56075.exe
1700	Unicorn-11705.exe
1464	Unicorn-15042.exe
236	Unicorn-56630.exe
908	Unicorn-45769.exe
900	Unicorn-10958.exe
2220	Unicorn-23211.exe
2256	Unicorn-64798.exe
988	Unicorn-34071.exe
2424	Unicorn-23211.exe
1528	Unicorn-21540.exe
2140	Unicorn-39822.exe
2088	Unicorn-30262.exe
2624	Unicorn-58296.exe
2844	Unicorn-41768.exe
2608	Unicorn-56713.exe
2516	Unicorn-56713.exe
2536	Unicorn-9671.exe
2928	Unicorn-51259.exe
2932	Unicorn-40398.exe
2192	Unicorn-30838.exe
1584	Unicorn-46620.exe
864	Unicorn-19978.exe
1356	Unicorn-8280.exe
1448	Unicorn-58872.exe
2384	Unicorn-54788.exe
752	Unicorn-34176.exe
2164	Unicorn-49121.exe
1156	Unicorn-63496.exe
1832	Unicorn-43630.exe
784	Unicorn-43076.exe
584	Unicorn-2598.exe
876	Unicorn-18380.exe
1288	Unicorn-45577.exe
2876	Unicorn-30632.exe
1852	Unicorn-14295.exe
2180	Unicorn-29240.exe
1664	Unicorn-10211.exe
2736	Unicorn-25178.exe
1208	Unicorn-11856.exe
2668	Unicorn-10465.exe
2660	Unicorn-42391.exe
2500	Unicorn-17887.exe
2936	Unicorn-10273.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exeUnicorn-51036.exeUnicorn-9017.exeUnicorn-37283.exeUnicorn-34315.exeUnicorn-50097.exeUnicorn-19371.exeUnicorn-59116.exe

description	pid	process	target process
PID 2252 wrote to memory of 2564	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-51036.exe
PID 2252 wrote to memory of 2564	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-51036.exe
PID 2252 wrote to memory of 2564	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-51036.exe
PID 2252 wrote to memory of 2564	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-51036.exe
PID 2564 wrote to memory of 2684	2564	Unicorn-51036.exe	Unicorn-9017.exe
PID 2564 wrote to memory of 2684	2564	Unicorn-51036.exe	Unicorn-9017.exe
PID 2564 wrote to memory of 2684	2564	Unicorn-51036.exe	Unicorn-9017.exe
PID 2564 wrote to memory of 2684	2564	Unicorn-51036.exe	Unicorn-9017.exe
PID 2252 wrote to memory of 2596	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-37283.exe
PID 2252 wrote to memory of 2596	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-37283.exe
PID 2252 wrote to memory of 2596	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-37283.exe
PID 2252 wrote to memory of 2596	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	Unicorn-37283.exe
PID 2252 wrote to memory of 2572	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	WerFault.exe
PID 2252 wrote to memory of 2572	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	WerFault.exe
PID 2252 wrote to memory of 2572	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	WerFault.exe
PID 2252 wrote to memory of 2572	2252	476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe	WerFault.exe
PID 2684 wrote to memory of 2772	2684	Unicorn-9017.exe	Unicorn-19371.exe
PID 2684 wrote to memory of 2772	2684	Unicorn-9017.exe	Unicorn-19371.exe
PID 2684 wrote to memory of 2772	2684	Unicorn-9017.exe	Unicorn-19371.exe
PID 2684 wrote to memory of 2772	2684	Unicorn-9017.exe	Unicorn-19371.exe
PID 2564 wrote to memory of 2472	2564	Unicorn-51036.exe	Unicorn-34315.exe
PID 2564 wrote to memory of 2472	2564	Unicorn-51036.exe	Unicorn-34315.exe
PID 2564 wrote to memory of 2472	2564	Unicorn-51036.exe	Unicorn-34315.exe
PID 2564 wrote to memory of 2472	2564	Unicorn-51036.exe	Unicorn-34315.exe
PID 2596 wrote to memory of 2640	2596	Unicorn-37283.exe	Unicorn-50097.exe
PID 2596 wrote to memory of 2640	2596	Unicorn-37283.exe	Unicorn-50097.exe
PID 2596 wrote to memory of 2640	2596	Unicorn-37283.exe	Unicorn-50097.exe
PID 2596 wrote to memory of 2640	2596	Unicorn-37283.exe	Unicorn-50097.exe
PID 2564 wrote to memory of 1552	2564	Unicorn-51036.exe	WerFault.exe
PID 2564 wrote to memory of 1552	2564	Unicorn-51036.exe	WerFault.exe
PID 2564 wrote to memory of 1552	2564	Unicorn-51036.exe	WerFault.exe
PID 2564 wrote to memory of 1552	2564	Unicorn-51036.exe	WerFault.exe
PID 2684 wrote to memory of 2540	2684	Unicorn-9017.exe	Unicorn-8524.exe
PID 2684 wrote to memory of 2540	2684	Unicorn-9017.exe	Unicorn-8524.exe
PID 2684 wrote to memory of 2540	2684	Unicorn-9017.exe	Unicorn-8524.exe
PID 2684 wrote to memory of 2540	2684	Unicorn-9017.exe	Unicorn-8524.exe
PID 2596 wrote to memory of 748	2596	Unicorn-37283.exe	Unicorn-51503.exe
PID 2596 wrote to memory of 748	2596	Unicorn-37283.exe	Unicorn-51503.exe
PID 2596 wrote to memory of 748	2596	Unicorn-37283.exe	Unicorn-51503.exe
PID 2596 wrote to memory of 748	2596	Unicorn-37283.exe	Unicorn-51503.exe
PID 2472 wrote to memory of 1500	2472	Unicorn-34315.exe	Unicorn-59116.exe
PID 2472 wrote to memory of 1500	2472	Unicorn-34315.exe	Unicorn-59116.exe
PID 2472 wrote to memory of 1500	2472	Unicorn-34315.exe	Unicorn-59116.exe
PID 2472 wrote to memory of 1500	2472	Unicorn-34315.exe	Unicorn-59116.exe
PID 2640 wrote to memory of 1028	2640	Unicorn-50097.exe	Unicorn-5831.exe
PID 2640 wrote to memory of 1028	2640	Unicorn-50097.exe	Unicorn-5831.exe
PID 2640 wrote to memory of 1028	2640	Unicorn-50097.exe	Unicorn-5831.exe
PID 2640 wrote to memory of 1028	2640	Unicorn-50097.exe	Unicorn-5831.exe
PID 2772 wrote to memory of 1032	2772	Unicorn-19371.exe	Unicorn-59116.exe
PID 2772 wrote to memory of 1032	2772	Unicorn-19371.exe	Unicorn-59116.exe
PID 2772 wrote to memory of 1032	2772	Unicorn-19371.exe	Unicorn-59116.exe
PID 2772 wrote to memory of 1032	2772	Unicorn-19371.exe	Unicorn-59116.exe
PID 2684 wrote to memory of 1744	2684	Unicorn-9017.exe	WerFault.exe
PID 2684 wrote to memory of 1744	2684	Unicorn-9017.exe	WerFault.exe
PID 2684 wrote to memory of 1744	2684	Unicorn-9017.exe	WerFault.exe
PID 2684 wrote to memory of 1744	2684	Unicorn-9017.exe	WerFault.exe
PID 2596 wrote to memory of 316	2596	Unicorn-37283.exe	WerFault.exe
PID 2596 wrote to memory of 316	2596	Unicorn-37283.exe	WerFault.exe
PID 2596 wrote to memory of 316	2596	Unicorn-37283.exe	WerFault.exe
PID 2596 wrote to memory of 316	2596	Unicorn-37283.exe	WerFault.exe
PID 1032 wrote to memory of 2000	1032	Unicorn-59116.exe	Unicorn-62214.exe
PID 1032 wrote to memory of 2000	1032	Unicorn-59116.exe	Unicorn-62214.exe
PID 1032 wrote to memory of 2000	1032	Unicorn-59116.exe	Unicorn-62214.exe
PID 1032 wrote to memory of 2000	1032	Unicorn-59116.exe	Unicorn-62214.exe

C:\Users\Admin\AppData\Local\Temp\476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe
"C:\Users\Admin\AppData\Local\Temp\476510f824fcda9e300724d3b9117381f643576fac2b6bd8578cdfe4a1319ccd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        12⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        13⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27240.exe
        14⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42249.exe
        15⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        16⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        15⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 220
        14⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        13⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7891.exe
        11⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
        12⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        13⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        14⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        15⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
        15⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        14⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 220
        13⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 220
        12⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        11⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        10⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        11⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        12⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-598.exe
        13⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42010.exe
        14⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25140.exe
        15⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        15⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        14⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        13⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        11⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        10⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10953.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        11⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        12⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        14⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18036.exe
        15⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        14⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        13⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        12⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        11⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        12⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
        13⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56442.exe
        14⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        14⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        13⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        10⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        9⤵
        Program crash
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62593.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22495.exe
        11⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        12⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        13⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-744.exe
        14⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
        14⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        13⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        12⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        11⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        12⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24496.exe
        13⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        14⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        14⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        13⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 220
        12⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        11⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48841.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        10⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
        9⤵
        Program crash
        
        PID:3092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        Program crash
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30262.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52095.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        11⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40453.exe
        12⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        13⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        14⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 236
        14⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
        13⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
        11⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        10⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        9⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46615.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
        11⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        12⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
        13⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 236
        13⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        12⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        10⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        8⤵
        Program crash
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        7⤵
        Program crash
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        9⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        10⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        11⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
        12⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2887.exe
        13⤵
        
        PID:11044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        14⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        13⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 220
        12⤵
        
        PID:9732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        11⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        9⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
        11⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35166.exe
        13⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 220
        11⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
        9⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47575.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
        11⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
        12⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        13⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
        13⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        12⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
        8⤵
        Program crash
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Program crash
        
        PID:956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        6⤵
        Program crash
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34176.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52266.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        11⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
        12⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42306.exe
        13⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        14⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        14⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        13⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        12⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        10⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        11⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        12⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
        13⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 220
        13⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 220
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        10⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        10⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 220
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63089.exe
        11⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25860.exe
        12⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
        12⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        9⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        8⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        7⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29537.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58740.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        11⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        12⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 236
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        10⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3307.exe
        11⤵
        
        PID:9184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31362.exe
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 216
        12⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 236
        11⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
        10⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        6⤵
        Program crash
        
        PID:3040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26255.exe
        11⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        12⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        13⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
        13⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
        12⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        9⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        10⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        11⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe
        12⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 236
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 220
        11⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        10⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        7⤵
        Program crash
        
        PID:3464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        6⤵
        Program crash
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe
        11⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        12⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        12⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 236
        11⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        9⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        7⤵
        Program crash
        
        PID:3328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        7⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24633.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54215.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        10⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43977.exe
        11⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17932.exe
        12⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 236
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        11⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
        10⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 216
        8⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        7⤵
        
        PID:4056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        6⤵
        Program crash
        
        PID:1572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        5⤵
        Program crash
        
        PID:1424
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32033.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        11⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        12⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5881.exe
        13⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
        14⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
        14⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
        13⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        11⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        10⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        9⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12105.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        11⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        12⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        13⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        13⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        12⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        11⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        9⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        8⤵
        Program crash
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
        11⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        12⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 236
        13⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
        12⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
        9⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        8⤵
        Program crash
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
        7⤵
        Program crash
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56713.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        10⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
        11⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        12⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
        13⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
        14⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        14⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        13⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
        11⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3260.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        11⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        12⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        13⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        10⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46703.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        11⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 236
        12⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        10⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        8⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 220
        9⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        7⤵
        Program crash
        
        PID:2576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        6⤵
        Program crash
        
        PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        11⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
        12⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 236
        13⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 220
        11⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
        8⤵
        Program crash
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48561.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35876.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44916.exe
        11⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        12⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
        12⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        11⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 220
        10⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        8⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        7⤵
        Program crash
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22303.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33795.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
        10⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
        11⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
        12⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
        11⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        10⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        7⤵
        Program crash
        
        PID:3740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 240
        6⤵
        Program crash
        
        PID:2620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        5⤵
        Program crash
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31182.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        9⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 220
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4217.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1690.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
        11⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 236
        12⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        11⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        8⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 220
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28333.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18419.exe
        9⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
        10⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        11⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        12⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
        12⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        11⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        10⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        8⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        7⤵
        Program crash
        
        PID:3952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        6⤵
        Program crash
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60865.exe
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        9⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        10⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        11⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 236
        11⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        10⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        9⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        8⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31936.exe
        7⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        9⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        10⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
        10⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 236
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        8⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        7⤵
        
        PID:5752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        6⤵
        Program crash
        
        PID:3540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
        5⤵
        Program crash
        
        PID:560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8021.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        11⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        12⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50474.exe
        13⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        14⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        14⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        13⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        12⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        10⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        11⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
        12⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22400.exe
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 236
        13⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        12⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1558.exe
        11⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26494.exe
        12⤵
        
        PID:11112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        13⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
        13⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
        8⤵
        Program crash
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51882.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56405.exe
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        12⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        13⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
        13⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
        9⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 212
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        8⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        Program crash
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23873.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
        11⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        12⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        13⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
        13⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
        12⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        8⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        11⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51263.exe
        12⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        12⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        8⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 240
        6⤵
        Program crash
        
        PID:2432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        5⤵
        Program crash
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3454.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23211.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        11⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24953.exe
        12⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        11⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17538.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        10⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        11⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        12⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 220
        12⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
        11⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 220
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 216
        8⤵
        
        PID:5940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        6⤵
        Program crash
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52316.exe
        11⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47698.exe
        12⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
        12⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 236
        11⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 220
        10⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        9⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        8⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38170.exe
        10⤵
        
        PID:11024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        11⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        10⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        9⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        8⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        7⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25103.exe
        9⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56421.exe
        10⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
        11⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
        10⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        9⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        8⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        7⤵
        
        PID:4596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
        6⤵
        Program crash
        
        PID:3296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 220
        5⤵
        Program crash
        
        PID:1488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 220
        10⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        7⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        9⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        10⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26520.exe
        11⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35119.exe
        12⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
        12⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        11⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 236
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6978.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58491.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
        11⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3925.exe
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
        12⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        11⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        9⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
        8⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        7⤵
        Program crash
        
        PID:1448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        6⤵
        Program crash
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        6⤵
        Executes dropped EXE
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-948.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        10⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 200
        11⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
        8⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        7⤵
        Program crash
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
        6⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        7⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
        8⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48813.exe
        9⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        10⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
        11⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
        10⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 220
        9⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        7⤵
        
        PID:5672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        6⤵
        Program crash
        
        PID:3748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 240
        5⤵
        Program crash
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        10⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3458.exe
        11⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        11⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
        10⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
        9⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        7⤵
        Program crash
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
        9⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        10⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3266.exe
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 236
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 236
        10⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        9⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 220
        8⤵
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
        7⤵
        
        PID:5604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        6⤵
        Program crash
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        5⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        7⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        9⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        10⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        10⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
        9⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        8⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
        7⤵
        
        PID:5740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        6⤵
        Program crash
        
        PID:3116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        5⤵
        Program crash
        
        PID:2692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
      4⤵
      Program crash
      PID:1532
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:316
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
  2⤵
  - Program crash
  PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11067.exe

Filesize
184KB

MD5
6130174e63a0b55f9e35b486c665b5d0

SHA1
8938f460d13ff8e722a76ed5c12d9299b3d29c1f

SHA256
50ea0bb18b0e266d20e15e7b7477428231a509f3c3e9860d0efdc772e067acf3

SHA512
298697944333d7bc745a6241673b66f43ebf8ae6dc9cf2fa759b246906a038fa8918696f6f5681c68211bbc4ed0a456e24297f4fecc18e0085d7506e4ba3a97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17740.exe

Filesize
184KB

MD5
994dffb05af3d337b31abff74076a2bc

SHA1
24a7f5b9804d16fbd4fe5b99354ca9b97bee3d65

SHA256
6e7fb79d45dfa0801e48d3bb777d1c3f50776c8812f38a91dcd976d07c74586c

SHA512
65be019b117784095ca334a0b8fea4aceed74e095fa3f4f075a37ecee93417185458847a2b3a256575f6b5cfcd081710fd640d0f1fd7a29b6595a03334d1a52e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe

Filesize
184KB

MD5
c573e620df3603e559c41f022cf8d4aa

SHA1
2cf3944a1385bd6bcfe1721cb669e4cf035e7fb4

SHA256
19d18e484d84b8b64762536cb8bcb3e9b19290fbb0865d66293765d5d26ec441

SHA512
e8c88ea71bd9dbcba4531a42f71c44dd3ed464cf067132e2957dc1cf392099bfa23a2ef2299aa3eb0ba7ebf336bbfc0b2760ee924d1d4ca363ba828497a0718a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23320.exe

Filesize
184KB

MD5
623cdfd7ac757794069f3e838f204c26

SHA1
08e17d197b072e5d7b1dd2b79da8cef380a05178

SHA256
ee4144663ac038052053ea6c4d8d8b12911bc0cab30843db129907e75e54e6d4

SHA512
b2830a710aec2f66e7312fbafcb4a9feedd04b3ea7d7753c8a0bb32cfbc76c53571e9ab767393bb9a4d0091e1de1dbc700fb7c2ddc3f0a510f0d9a64bc406f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe

Filesize
184KB

MD5
d96b888b4063e67394f1e7421b7e3073

SHA1
ff81c724a388e4c52b2fc9597b1366d7ec7bf1f6

SHA256
32e034a6950ecfc1e5e3ab30d9a2e001f4da08e91601861cf0f5334c29d489ea

SHA512
26f0e4457856f912dab480cc2aec2598df2fc995dd6870c422ff22862bd8f6f5a9f62ae77668045cbc1eff55a37366bb95a1ace31b76451442edd0d995b8ddea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe

Filesize
184KB

MD5
f8bfbb4af91d8f1aa8ccb8d09eab83a8

SHA1
2015aa1a9714a96a6002d3bc7ae44ee67446a801

SHA256
a6705cad750d19f8bc962b27865ea6361ce86d9e20e82839e928bc4dfe3347cc

SHA512
bb5df324527caa33e025eff43c71ded7a2591169c7f04eeb9b65d8a231f6ab7dc986af6e374bffc2ed89e541e6659ffd2df617be425cfbc55b771815deebb99c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe

Filesize
184KB

MD5
4958cb72196f93ffa4e5b7069ef74a73

SHA1
c7ac7ca693e8490bc3f0c308dcafd94e048e6ba1

SHA256
e4d849a124d6cea89e5e505ac1f59ce176b95fa7204971cf15ef02c614622783

SHA512
970432977133ea20b792fd8f628802ec6bd39d4a1360cb430ffc21682869c4fdb5766b209419c51ef1ba0009de8020c335bad49616d72b33d4649d7fa92c803a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35572.exe

Filesize
184KB

MD5
15df1ffa41eb676beb27cff98632ec8e

SHA1
843426afc80e7b78a5d18dca9194faa751a4e59f

SHA256
cdf720f93dc830c332b8a49d2a56484e8c6f02680462529f744a420a25daeddf

SHA512
e3b2ee22e3fb3e3fe9cd26f1fa77064af1dd5e8ca616359783607e8d7b219a8280c8eebea8b3f6fe580e7183ab28c8ad4135c3ca2698b612997f5e411f4b6a05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe

Filesize
184KB

MD5
4a036dc69d1ffbc2125b6a3dedcadca8

SHA1
135eac53c96975eec6caac2e8190b4af12bacd1b

SHA256
52c2f85b689129cf11a6a2a5c44dd50f3b9b7cea6cf03e5833e54b6fd405fe45

SHA512
4e13871b42a6a1e029e2dd9b425f1e021f0274204485ff13878c7c2be03899554bf3008bb3727d89278403e20f35314cce14172def1b3f4f22971a9823e58e45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe

Filesize
184KB

MD5
967de6545881717040ab7aa3ffe4bca2

SHA1
3c6434e6ae44bf8801fdae167eadc52f7a913f81

SHA256
23f9afe7d92450be063b549e845da2126d903ef4a31c8bc1db222307d4305403

SHA512
788818c2dcea93b974d5d0ed048b600c9c2d9ba916b898cc6348792d4ee5fb870070424f5f4a6569c04298f3761c622c15fb6799c280ea18ea59ea5402ab477e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe

Filesize
184KB

MD5
d0987fbed6877a13d6e3b2f3cae2222a

SHA1
c06c6832f4b03cfb0e93c6462f052c3c4aa93902

SHA256
4c3fed20378f8b88d83968905a7e57fd0441c51afdc1d40d87f618a500f225bb

SHA512
a2fb57a0a09196cc3799205e895a360dac3bce6554294bc8dd93cf6dd98783b0a16cd2558c15ba84bf520b1b11f681b064545302d3bd6d1043809e3e6019f38b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe

Filesize
184KB

MD5
42e6083d0bae0dc45d292efcaac8ee80

SHA1
10efb6580f3fe3f2fe19a6eb259f55f8408d59f4

SHA256
7b01830f6f3bc98ca4368fb466655401bc503a05629acb0c1963fa5b4bc80622

SHA512
7cb73ea3a4599479c076d082d9f34be2b537ef19d7053b809ef1adc11b99338f4158476ee332ae78e6977b1a08af512c3c3efd9ad976bb64bb42bd161b246c01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe

Filesize
184KB

MD5
1a4140f9ffc5ca41051c195f2868bf29

SHA1
d37dcdac70310e2b9c834b3da732d9de78991a71

SHA256
40e345163a832e7f5af4a95dec1498266206c1eb7d07ef79601f70141d22c244

SHA512
46014c88efb63fe3ef01bc3141b359e9830c277b34189d8ed04a6b1e2fb6683d4f33635102b4a5396481c797e31727d2be7a1593a58444157020c803ffaff7c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6350.exe

Filesize
184KB

MD5
8282bbad52d1703a4bfd9b7b5d822d6a

SHA1
95145ee7f997ce95616e28520777095d78dff696

SHA256
62d55c48e69d9ab8691666d6e47d5748a5af8513d0058867185cb5795f84fc0c

SHA512
c857aa9a160f2e3da58397cd34492250e33a1caa92209b8721997d8a338a6bc47990988b9c43d3bdd46c9557e0333049683fc552098fca5eebb931eb0e231995

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-785.exe

Filesize
184KB

MD5
3969d82fe9c7258c8c0085db3ee462ae

SHA1
a420d21db6b6bb3fff06b0493f488061e8862734

SHA256
54f438cb271fa289455b94e9327e07988098cd17ffe56a751ee9b184a6383eeb

SHA512
925735e89e68ae32bb5f1a96b778db29a7a1979e5987a6ba2ab0827e5ba3ef2639b2d6ce1e875a69c8d9555398d6d1aaa3495f2648d401d8ac9bb735d2ca67fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe

Filesize
184KB

MD5
bb09f533d7a14b358fc4527e3abb4f77

SHA1
ad6b6e793853c91920e5c9540d6df8e2581df7c5

SHA256
1a8638658dcd21df2a649132b9b6f21b2b17764b4506b470e8e8952627593737

SHA512
3e583c3e50956abd171b97501f65caf3446a44668f72562d668bb97a60866faf02127ec4434998ae3e6f1a37fa01a2bad09d46e3aab658e509a48e438ed4783a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37283.exe

Filesize
184KB

MD5
d5be65fa2d46eaf54ffd9510a332daca

SHA1
383e732bb75e849ba9729831fa52573631612f5b

SHA256
1421ff50ac61bca53c380e6f4b7543a83c62d2e5939cf89aaf498b4715ed6e40

SHA512
7315e074da13de3a8a7a811933bfedddd39c86fb17efb545892e1927ea07cced810b9f0156221a8454e7405a136cd9e5a7ac51a745515ae860ae95852bbf9b35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe

Filesize
184KB

MD5
df38a867a7e35b853b81ae3c221c78d4

SHA1
04ea07c172f5513f9348de0ecbb486e454f24753

SHA256
bab9ad30e16ddcab95eb1599cb9ed69b4e9fc9cc3228cd17971ec9bcb1781971

SHA512
80f195ddeea37d7be33a6e845ce1647b505ce614030d33b2593d6d96f9ddf213c59fbecec698828c2b004d2feef3dad60a490ebc53526e315e5df9713e6fcc37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe

Filesize
184KB

MD5
6da9a3b773676d1e37d6036cda34051e

SHA1
46d19014406d7ae89009e9ea4b1489c5e84b1166

SHA256
1d63fc22ce41d892c7f05af167378419eaeefa352a739457420c196da4196a9d

SHA512
06266111347f79b78be8a940976788ec7002a024e339c58de69ae0945fd8701916940a6736fe89d22a62fb9f28aef758bb99a81720d8992621eccbc333e8b6fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe

Filesize
184KB

MD5
c355ad040fe77f4a46b4102cbecc09e5

SHA1
3693ccc56b94151705abf2a09b14847dab83aa51

SHA256
d2877ac3a329fb38c1e00ad1d2af0d529c6aa46322ca4da18b241368c28731af

SHA512
e76735fbb18c6ab988d3583d6ed3a228d5434c5dc13bca676aaa689475a07e185943849db9b19efce6b75187ff537849d093824822a0f2be871445e593acafcc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5831.exe

Filesize
184KB

MD5
23407bb081f41ad4dee6e7cad38cc3d8

SHA1
23686ebbc5ec79f995b743356fcce787b2a8c1b5

SHA256
f5842b297a4015b66fdba7f6814a9a21781d1aa5b5556a77c0515dd8f0b07e88

SHA512
fa9ec48cbbd0e5390b9e3aa3ddbf5de0c7b7546041a770195d8172753b19abd2b0aa6eea7e6f68eff0aed3544b48093f64eb0e3e035148e0a0254ddf2a92a13b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe

Filesize
184KB

MD5
f62afc2049cdb6944d482516478489ed

SHA1
94064f8814212155fab890f33a3596465d53a44a

SHA256
1086b4a753178cd5e91f249c104e82a1980351c5905b9680da8d73d26f849b1c

SHA512
462d08d51c219fc2da5355f01f702ad60583d33fe87ed725fcabb7f90381880d65be3d2d5f66814a3442e1b7ac4ec7686e760c230f2b2e340ccbdea189c242cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe

Filesize
184KB

MD5
bbefa7b85355deb6f2df566ec938dc28

SHA1
645587e1ec7f2c4e7f9a82fd3183fbfe05406369

SHA256
d8a25126d831af61011ac4cb01e7bfe07d993449fd6586dc91854ea7bca1344a

SHA512
13879d48c89572c4caa184f9fb6e3beea0b79b303cecd3c50f1e5923d0f2f99f1f90dd005b89a82ea48792f733a08ba833916908652c73372725e7e497b5c637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8524.exe

Filesize
184KB

MD5
254e89aa6e4143871ce18283227449b2

SHA1
63e9a5f5faf7a4045ecf5bf178cf9fd6ef377bc5

SHA256
d1946dd6f8dc90b8f2955c869fd29e5b202b61262d1142e0c7088604fceb3858

SHA512
6a3c637f4ca5855fcb2e3e8f32a731c7b8b9def60ec3fdef5a6dd234afbfad117242c45839194bcf42e1e9f28590f9eec9e1c542b849617c4797332d7e61415b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9017.exe

Filesize
184KB

MD5
d95fd70db8b4819bb99a12c740ae1766

SHA1
02868da652bd7cdc9d828d55ddfa70e88e8fd4fe

SHA256
52a72c05f860ed6917d2fde9a4bab56a18cdfadf079d0b589181c7264764a806

SHA512
7afe6a32e618c13050f3e01b9dc294f05a57084b70d76521fedf9e5f40c4d849dfc920730ffb8e025c7af934d30b780ef784b7bd3de85b30f3bb1e29a4acb652

Download Submit