3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
Size

184KB
MD5

631d90c0de816da03c4e5cfeeaa5da75
SHA1

8c5e6bc8a6eb334c10adc8642d44307b20e83a21
SHA256

3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a
SHA512

ff0307e8975c253622dc94f01b3f2c36c1c001865a63ae34f6b0f15d0424a48a37bd3a799bf29b08acf04b22cdb173a1b3c2925731de3a82540da15f1d578da8
SSDEEP

3072:oZefS8osYLlodFzWe8/LRqgIhlnViFDnp:oZYozUFzQLkgIhlnViFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-3351.exeUnicorn-5380.exeUnicorn-51052.exeUnicorn-16839.exeUnicorn-20923.exeUnicorn-7087.exeUnicorn-49594.exeUnicorn-64539.exeUnicorn-33258.exeUnicorn-63984.exeUnicorn-48203.exeUnicorn-12920.exeUnicorn-23781.exeUnicorn-55899.exeUnicorn-42795.exeUnicorn-7985.exeUnicorn-62661.exeUnicorn-34073.exeUnicorn-44763.exeUnicorn-59729.exeUnicorn-5053.exeUnicorn-43948.exeUnicorn-63813.exeUnicorn-49423.exeUnicorn-22781.exeUnicorn-53507.exeUnicorn-26865.exeUnicorn-37725.exeUnicorn-8665.exeUnicorn-19526.exeUnicorn-47560.exeUnicorn-42084.exeUnicorn-31224.exeUnicorn-2443.exeUnicorn-21472.exeUnicorn-41338.exeUnicorn-29086.exeUnicorn-13304.exeUnicorn-4389.exeUnicorn-54145.exeUnicorn-39200.exeUnicorn-58229.exeUnicorn-43284.exeUnicorn-43284.exeUnicorn-62313.exeUnicorn-48390.exeUnicorn-10886.exeUnicorn-39475.exeUnicorn-58504.exeUnicorn-53673.exeUnicorn-18863.exeUnicorn-57757.exeUnicorn-52282.exeUnicorn-25639.exeUnicorn-25639.exeUnicorn-20809.exeUnicorn-63787.exeUnicorn-35199.exeUnicorn-54228.exeUnicorn-43367.exeUnicorn-16725.exeUnicorn-34383.exeUnicorn-19439.exeUnicorn-38467.exe

pid	process
1928	Unicorn-3351.exe
2688	Unicorn-5380.exe
2616	Unicorn-51052.exe
2636	Unicorn-16839.exe
2916	Unicorn-20923.exe
2624	Unicorn-7087.exe
1084	Unicorn-49594.exe
2896	Unicorn-64539.exe
2104	Unicorn-33258.exe
2756	Unicorn-63984.exe
2308	Unicorn-48203.exe
1232	Unicorn-12920.exe
2144	Unicorn-23781.exe
1680	Unicorn-55899.exe
2464	Unicorn-42795.exe
2064	Unicorn-7985.exe
3024	Unicorn-62661.exe
536	Unicorn-34073.exe
2124	Unicorn-44763.exe
816	Unicorn-59729.exe
548	Unicorn-5053.exe
1284	Unicorn-43948.exe
1548	Unicorn-63813.exe
1980	Unicorn-49423.exe
1960	Unicorn-22781.exe
1452	Unicorn-53507.exe
2040	Unicorn-26865.exe
3036	Unicorn-37725.exe
3040	Unicorn-8665.exe
912	Unicorn-19526.exe
2392	Unicorn-47560.exe
2384	Unicorn-42084.exe
2324	Unicorn-31224.exe
2712	Unicorn-2443.exe
2672	Unicorn-21472.exe
2820	Unicorn-41338.exe
2504	Unicorn-29086.exe
2632	Unicorn-13304.exe
2152	Unicorn-4389.exe
2940	Unicorn-54145.exe
2952	Unicorn-39200.exe
3064	Unicorn-58229.exe
2776	Unicorn-43284.exe
2840	Unicorn-43284.exe
2568	Unicorn-62313.exe
2608	Unicorn-48390.exe
2456	Unicorn-10886.exe
1100	Unicorn-39475.exe
1404	Unicorn-58504.exe
2472	Unicorn-53673.exe
836	Unicorn-18863.exe
1628	Unicorn-57757.exe
3032	Unicorn-52282.exe
736	Unicorn-25639.exe
868	Unicorn-25639.exe
1764	Unicorn-20809.exe
1396	Unicorn-63787.exe
1508	Unicorn-35199.exe
1608	Unicorn-54228.exe
1736	Unicorn-43367.exe
2300	Unicorn-16725.exe
2620	Unicorn-34383.exe
2656	Unicorn-19439.exe
2876	Unicorn-38467.exe

Loads dropped DLL 64 IoCs

Processes:

3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exeUnicorn-3351.exeUnicorn-51052.exeUnicorn-5380.exeWerFault.exeUnicorn-16839.exeUnicorn-7087.exeUnicorn-20923.exeWerFault.exeWerFault.exeUnicorn-49594.exeUnicorn-64539.exeUnicorn-33258.exeUnicorn-48203.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
1928	Unicorn-3351.exe
1928	Unicorn-3351.exe
2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
2616	Unicorn-51052.exe
2616	Unicorn-51052.exe
2688	Unicorn-5380.exe
2688	Unicorn-5380.exe
1928	Unicorn-3351.exe
1928	Unicorn-3351.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2636	Unicorn-16839.exe
2636	Unicorn-16839.exe
2616	Unicorn-51052.exe
2616	Unicorn-51052.exe
2624	Unicorn-7087.exe
2624	Unicorn-7087.exe
2916	Unicorn-20923.exe
2916	Unicorn-20923.exe
2688	Unicorn-5380.exe
2688	Unicorn-5380.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2744	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2744	WerFault.exe
2848	WerFault.exe
1084	Unicorn-49594.exe
2636	Unicorn-16839.exe
1084	Unicorn-49594.exe
2636	Unicorn-16839.exe
2896	Unicorn-64539.exe
2896	Unicorn-64539.exe
2916	Unicorn-20923.exe
2104	Unicorn-33258.exe
2916	Unicorn-20923.exe
2104	Unicorn-33258.exe
2624	Unicorn-7087.exe
2624	Unicorn-7087.exe
2308	Unicorn-48203.exe
2308	Unicorn-48203.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
2000	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2716	2220	WerFault.exe	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
2240	1928	WerFault.exe	Unicorn-3351.exe
2744	2616	WerFault.exe	Unicorn-51052.exe
2848	2688	WerFault.exe	Unicorn-5380.exe
2000	2636	WerFault.exe	Unicorn-16839.exe
1140	2624	WerFault.exe	Unicorn-7087.exe
1132	2916	WerFault.exe	Unicorn-20923.exe
2416	1084	WerFault.exe	Unicorn-49594.exe
1312	2896	WerFault.exe	Unicorn-64539.exe
1920	2104	WerFault.exe	Unicorn-33258.exe
2824	2308	WerFault.exe	Unicorn-48203.exe
2596	2144	WerFault.exe	Unicorn-23781.exe
2868	1232	WerFault.exe	Unicorn-12920.exe
812	1680	WerFault.exe	Unicorn-55899.exe
2164	2064	WerFault.exe	Unicorn-7985.exe
2404	2464	WerFault.exe	Unicorn-42795.exe
2492	536	WerFault.exe	Unicorn-34073.exe
3016	3024	WerFault.exe	Unicorn-62661.exe
2920	2124	WerFault.exe	Unicorn-44763.exe
1820	816	WerFault.exe	Unicorn-59729.exe
304	548	WerFault.exe	Unicorn-5053.exe
1308	1548	WerFault.exe	Unicorn-63813.exe
2540	1284	WerFault.exe	Unicorn-43948.exe
2900	2892	WerFault.exe	Unicorn-33013.exe
328	1980	WerFault.exe	Unicorn-49423.exe
1776	1960	WerFault.exe	Unicorn-22781.exe
2132	1452	WerFault.exe	Unicorn-53507.exe
1944	3036	WerFault.exe	Unicorn-37725.exe
1956	2040	WerFault.exe	Unicorn-26865.exe
2484	912	WerFault.exe	Unicorn-19526.exe
1480	2392	WerFault.exe	Unicorn-47560.exe
2192	2324	WerFault.exe	Unicorn-31224.exe
792	2712	WerFault.exe	Unicorn-2443.exe
2320	2820	WerFault.exe	Unicorn-41338.exe
3028	2672	WerFault.exe	Unicorn-21472.exe
1196	2384	WerFault.exe	Unicorn-42084.exe
2788	2840	WerFault.exe	Unicorn-43284.exe
2560	2940	WerFault.exe	Unicorn-54145.exe
2964	2568	WerFault.exe	Unicorn-62313.exe
2332	2632	WerFault.exe	Unicorn-13304.exe
1588	3064	WerFault.exe	Unicorn-58229.exe
1072	2952	WerFault.exe	Unicorn-39200.exe
1748	2776	WerFault.exe	Unicorn-43284.exe
3104	2504	WerFault.exe	Unicorn-29086.exe
3120	2152	WerFault.exe	Unicorn-4389.exe
3624	1584	WerFault.exe	Unicorn-37529.exe
3724	2608	WerFault.exe	Unicorn-48390.exe
3128	1100	WerFault.exe	Unicorn-39475.exe
3480	868	WerFault.exe	Unicorn-25639.exe
3516	2456	WerFault.exe	Unicorn-10886.exe
3548	1396	WerFault.exe	Unicorn-63787.exe
3696	1736	WerFault.exe	Unicorn-43367.exe
3836	1552	WerFault.exe	Unicorn-23523.exe
3744	2512	WerFault.exe	Unicorn-42551.exe
3792	1508	WerFault.exe	Unicorn-35199.exe
3808	1608	WerFault.exe	Unicorn-54228.exe
4076	2876	WerFault.exe	Unicorn-38467.exe
3380	1404	WerFault.exe	Unicorn-58504.exe
3444	2300	WerFault.exe	Unicorn-16725.exe
3452	2620	WerFault.exe	Unicorn-34383.exe
3960	736	WerFault.exe	Unicorn-25639.exe
3616	1764	WerFault.exe	Unicorn-20809.exe
3676	3040	WerFault.exe	Unicorn-8665.exe
4148	1652	WerFault.exe	Unicorn-9023.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exeUnicorn-3351.exeUnicorn-51052.exeUnicorn-5380.exeUnicorn-16839.exeUnicorn-7087.exeUnicorn-20923.exeUnicorn-49594.exeUnicorn-64539.exeUnicorn-33258.exeUnicorn-63984.exeUnicorn-48203.exeUnicorn-23781.exeUnicorn-12920.exeUnicorn-55899.exeUnicorn-7985.exeUnicorn-42795.exeUnicorn-62661.exeUnicorn-34073.exeUnicorn-44763.exeUnicorn-59729.exeUnicorn-43948.exeUnicorn-5053.exeUnicorn-63813.exeUnicorn-49423.exeUnicorn-22781.exeUnicorn-53507.exeUnicorn-26865.exeUnicorn-37725.exeUnicorn-19526.exeUnicorn-47560.exeUnicorn-42084.exeUnicorn-2443.exeUnicorn-41338.exeUnicorn-31224.exeUnicorn-21472.exeUnicorn-29086.exeUnicorn-13304.exeUnicorn-4389.exeUnicorn-54145.exeUnicorn-39200.exeUnicorn-58229.exeUnicorn-43284.exeUnicorn-43284.exeUnicorn-62313.exeUnicorn-37529.exeUnicorn-48390.exeUnicorn-10886.exeUnicorn-39475.exeUnicorn-58504.exeUnicorn-53673.exeUnicorn-18863.exeUnicorn-57757.exeUnicorn-52282.exeUnicorn-25639.exeUnicorn-25639.exeUnicorn-20809.exeUnicorn-63787.exeUnicorn-35199.exeUnicorn-54228.exeUnicorn-43367.exeUnicorn-16725.exeUnicorn-34383.exeUnicorn-19439.exe

pid	process
2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
1928	Unicorn-3351.exe
2616	Unicorn-51052.exe
2688	Unicorn-5380.exe
2636	Unicorn-16839.exe
2624	Unicorn-7087.exe
2916	Unicorn-20923.exe
1084	Unicorn-49594.exe
2896	Unicorn-64539.exe
2104	Unicorn-33258.exe
2756	Unicorn-63984.exe
2308	Unicorn-48203.exe
2144	Unicorn-23781.exe
1232	Unicorn-12920.exe
1680	Unicorn-55899.exe
2064	Unicorn-7985.exe
2464	Unicorn-42795.exe
3024	Unicorn-62661.exe
536	Unicorn-34073.exe
2124	Unicorn-44763.exe
816	Unicorn-59729.exe
1284	Unicorn-43948.exe
548	Unicorn-5053.exe
1548	Unicorn-63813.exe
1980	Unicorn-49423.exe
1960	Unicorn-22781.exe
1452	Unicorn-53507.exe
2040	Unicorn-26865.exe
3036	Unicorn-37725.exe
912	Unicorn-19526.exe
2392	Unicorn-47560.exe
2384	Unicorn-42084.exe
2712	Unicorn-2443.exe
2820	Unicorn-41338.exe
2324	Unicorn-31224.exe
2672	Unicorn-21472.exe
2504	Unicorn-29086.exe
2632	Unicorn-13304.exe
2152	Unicorn-4389.exe
2940	Unicorn-54145.exe
2952	Unicorn-39200.exe
3064	Unicorn-58229.exe
2776	Unicorn-43284.exe
2840	Unicorn-43284.exe
2568	Unicorn-62313.exe
1584	Unicorn-37529.exe
2608	Unicorn-48390.exe
2456	Unicorn-10886.exe
1100	Unicorn-39475.exe
1404	Unicorn-58504.exe
2472	Unicorn-53673.exe
836	Unicorn-18863.exe
1628	Unicorn-57757.exe
3032	Unicorn-52282.exe
736	Unicorn-25639.exe
868	Unicorn-25639.exe
1764	Unicorn-20809.exe
1396	Unicorn-63787.exe
1508	Unicorn-35199.exe
1608	Unicorn-54228.exe
1736	Unicorn-43367.exe
2300	Unicorn-16725.exe
2620	Unicorn-34383.exe
2656	Unicorn-19439.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exeUnicorn-3351.exeUnicorn-51052.exeUnicorn-5380.exeUnicorn-16839.exeUnicorn-7087.exeUnicorn-20923.exeUnicorn-49594.exe

description	pid	process	target process
PID 2220 wrote to memory of 1928	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-3351.exe
PID 2220 wrote to memory of 1928	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-3351.exe
PID 2220 wrote to memory of 1928	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-3351.exe
PID 2220 wrote to memory of 1928	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-3351.exe
PID 1928 wrote to memory of 2688	1928	Unicorn-3351.exe	Unicorn-5380.exe
PID 1928 wrote to memory of 2688	1928	Unicorn-3351.exe	Unicorn-5380.exe
PID 1928 wrote to memory of 2688	1928	Unicorn-3351.exe	Unicorn-5380.exe
PID 1928 wrote to memory of 2688	1928	Unicorn-3351.exe	Unicorn-5380.exe
PID 2220 wrote to memory of 2616	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-51052.exe
PID 2220 wrote to memory of 2616	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-51052.exe
PID 2220 wrote to memory of 2616	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-51052.exe
PID 2220 wrote to memory of 2616	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	Unicorn-51052.exe
PID 2220 wrote to memory of 2716	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	WerFault.exe
PID 2220 wrote to memory of 2716	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	WerFault.exe
PID 2220 wrote to memory of 2716	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	WerFault.exe
PID 2220 wrote to memory of 2716	2220	3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe	WerFault.exe
PID 2616 wrote to memory of 2636	2616	Unicorn-51052.exe	Unicorn-16839.exe
PID 2616 wrote to memory of 2636	2616	Unicorn-51052.exe	Unicorn-16839.exe
PID 2616 wrote to memory of 2636	2616	Unicorn-51052.exe	Unicorn-16839.exe
PID 2616 wrote to memory of 2636	2616	Unicorn-51052.exe	Unicorn-16839.exe
PID 2688 wrote to memory of 2916	2688	Unicorn-5380.exe	Unicorn-20923.exe
PID 2688 wrote to memory of 2916	2688	Unicorn-5380.exe	Unicorn-20923.exe
PID 2688 wrote to memory of 2916	2688	Unicorn-5380.exe	Unicorn-20923.exe
PID 2688 wrote to memory of 2916	2688	Unicorn-5380.exe	Unicorn-20923.exe
PID 1928 wrote to memory of 2624	1928	Unicorn-3351.exe	Unicorn-7087.exe
PID 1928 wrote to memory of 2624	1928	Unicorn-3351.exe	Unicorn-7087.exe
PID 1928 wrote to memory of 2624	1928	Unicorn-3351.exe	Unicorn-7087.exe
PID 1928 wrote to memory of 2624	1928	Unicorn-3351.exe	Unicorn-7087.exe
PID 1928 wrote to memory of 2240	1928	Unicorn-3351.exe	WerFault.exe
PID 1928 wrote to memory of 2240	1928	Unicorn-3351.exe	WerFault.exe
PID 1928 wrote to memory of 2240	1928	Unicorn-3351.exe	WerFault.exe
PID 1928 wrote to memory of 2240	1928	Unicorn-3351.exe	WerFault.exe
PID 2636 wrote to memory of 1084	2636	Unicorn-16839.exe	Unicorn-49594.exe
PID 2636 wrote to memory of 1084	2636	Unicorn-16839.exe	Unicorn-49594.exe
PID 2636 wrote to memory of 1084	2636	Unicorn-16839.exe	Unicorn-49594.exe
PID 2636 wrote to memory of 1084	2636	Unicorn-16839.exe	Unicorn-49594.exe
PID 2616 wrote to memory of 2896	2616	Unicorn-51052.exe	Unicorn-64539.exe
PID 2616 wrote to memory of 2896	2616	Unicorn-51052.exe	Unicorn-64539.exe
PID 2616 wrote to memory of 2896	2616	Unicorn-51052.exe	Unicorn-64539.exe
PID 2616 wrote to memory of 2896	2616	Unicorn-51052.exe	Unicorn-64539.exe
PID 2624 wrote to memory of 2104	2624	Unicorn-7087.exe	Unicorn-33258.exe
PID 2624 wrote to memory of 2104	2624	Unicorn-7087.exe	Unicorn-33258.exe
PID 2624 wrote to memory of 2104	2624	Unicorn-7087.exe	Unicorn-33258.exe
PID 2624 wrote to memory of 2104	2624	Unicorn-7087.exe	Unicorn-33258.exe
PID 2916 wrote to memory of 2756	2916	Unicorn-20923.exe	Unicorn-63984.exe
PID 2916 wrote to memory of 2756	2916	Unicorn-20923.exe	Unicorn-63984.exe
PID 2916 wrote to memory of 2756	2916	Unicorn-20923.exe	Unicorn-63984.exe
PID 2916 wrote to memory of 2756	2916	Unicorn-20923.exe	Unicorn-63984.exe
PID 2688 wrote to memory of 2308	2688	Unicorn-5380.exe	Unicorn-48203.exe
PID 2688 wrote to memory of 2308	2688	Unicorn-5380.exe	Unicorn-48203.exe
PID 2688 wrote to memory of 2308	2688	Unicorn-5380.exe	Unicorn-48203.exe
PID 2688 wrote to memory of 2308	2688	Unicorn-5380.exe	Unicorn-48203.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-51052.exe	WerFault.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-51052.exe	WerFault.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-51052.exe	WerFault.exe
PID 2616 wrote to memory of 2744	2616	Unicorn-51052.exe	WerFault.exe
PID 2688 wrote to memory of 2848	2688	Unicorn-5380.exe	WerFault.exe
PID 2688 wrote to memory of 2848	2688	Unicorn-5380.exe	WerFault.exe
PID 2688 wrote to memory of 2848	2688	Unicorn-5380.exe	WerFault.exe
PID 2688 wrote to memory of 2848	2688	Unicorn-5380.exe	WerFault.exe
PID 1084 wrote to memory of 1232	1084	Unicorn-49594.exe	Unicorn-12920.exe
PID 1084 wrote to memory of 1232	1084	Unicorn-49594.exe	Unicorn-12920.exe
PID 1084 wrote to memory of 1232	1084	Unicorn-49594.exe	Unicorn-12920.exe
PID 1084 wrote to memory of 1232	1084	Unicorn-49594.exe	Unicorn-12920.exe

C:\Users\Admin\AppData\Local\Temp\3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe
"C:\Users\Admin\AppData\Local\Temp\3f1409b76789abd1353e63f37c47afb54503282cbc82261b6744fe9194af919a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4389.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        11⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
        12⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
        13⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 220
        14⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
        13⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
        12⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        10⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        9⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27052.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        11⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
        12⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
        13⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        13⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        12⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        11⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        9⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        8⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        10⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
        12⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        11⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17876.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27554.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46227.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16713.exe
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
        12⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        10⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 240
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        8⤵
        Program crash
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        7⤵
        Program crash
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1047.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
        11⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22870.exe
        12⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57927.exe
        13⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
        11⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
        8⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        10⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        11⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 216
        12⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        11⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        7⤵
        Program crash
        
        PID:2560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        6⤵
        Program crash
        
        PID:2404
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65126.exe
        11⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26611.exe
        12⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 220
        13⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        12⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
        11⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        10⤵
        Program crash
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44135.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
        11⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30171.exe
        12⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61772.exe
        13⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        13⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        12⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47664.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
        11⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        12⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34803.exe
        13⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        13⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        9⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        8⤵
        Program crash
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21572.exe
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27571.exe
        11⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        12⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15176.exe
        13⤵
        
        PID:11944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        11⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        10⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        8⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 240
        9⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        8⤵
        Program crash
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        7⤵
        Program crash
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53720.exe
        11⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
        12⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        13⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
        13⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        12⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        9⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64384.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        11⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        12⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        11⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        8⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        7⤵
        Program crash
        
        PID:1588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
        6⤵
        Program crash
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        9⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 224
        10⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        9⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        8⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        7⤵
        Program crash
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        7⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42475.exe
        10⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-290.exe
        11⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34881.exe
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 236
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        11⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5194.exe
        10⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41025.exe
        11⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        10⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        9⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 220
        7⤵
        Program crash
        
        PID:3808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        5⤵
        Program crash
        
        PID:2824
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        8⤵
        Program crash
        
        PID:1748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        7⤵
        Program crash
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25848.exe
        10⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
        12⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        13⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        13⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
        12⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
        11⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
        9⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37877.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        11⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58731.exe
        12⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
        12⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 220
        8⤵
        Program crash
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23544.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        10⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
        11⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        12⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        11⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        7⤵
        Program crash
        
        PID:2964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        6⤵
        Program crash
        
        PID:3016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        5⤵
        Program crash
        
        PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19439.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        10⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        11⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        12⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
        13⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
        13⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        12⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5048.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30783.exe
        9⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
        10⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        11⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26438.exe
        12⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 216
        12⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        10⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        9⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53818.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        10⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        11⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 220
        11⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        8⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38467.exe
        6⤵
        Executes dropped EXE
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50056.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47690.exe
        10⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        11⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        11⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        9⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        7⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
        9⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        10⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        11⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        10⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        9⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:4076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        6⤵
        Program crash
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        6⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62796.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38929.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        9⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
        10⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 220
        11⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
        10⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        9⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        7⤵
        
        PID:4180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
        6⤵
        Program crash
        
        PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        5⤵
        Program crash
        
        PID:2164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1140
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40866.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49885.exe
        11⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        12⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        12⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54483.exe
        13⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        14⤵
        
        PID:11772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
        14⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        13⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 220
        12⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        10⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        11⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        12⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17743.exe
        13⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        14⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        13⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        12⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        13⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 220
        14⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        13⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        10⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        9⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41250.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        10⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        11⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
        12⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40558.exe
        13⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 236
        13⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
        12⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        11⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        8⤵
        Program crash
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        11⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        12⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        13⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 236
        13⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48219.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
        11⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        11⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        9⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        8⤵
        Program crash
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        7⤵
        Program crash
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        11⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        13⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
        13⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 220
        12⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        11⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        11⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        12⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        10⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        8⤵
        Program crash
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60917.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38676.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64602.exe
        10⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
        11⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 216
        12⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 236
        11⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        7⤵
        Program crash
        
        PID:1196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        6⤵
        Program crash
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        7⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        9⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        10⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        11⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        12⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        10⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
        7⤵
        Program crash
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20830.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        10⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42307.exe
        12⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        12⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 216
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        7⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        9⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        10⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        11⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        11⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        9⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        8⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        7⤵
        
        PID:4672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        6⤵
        Program crash
        
        PID:304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        5⤵
        Program crash
        
        PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8665.exe
        6⤵
        Executes dropped EXE
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        10⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20477.exe
        11⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        12⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42610.exe
        13⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
        14⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
        14⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        13⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        12⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        9⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        12⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18566.exe
        13⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        12⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37057.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45365.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19725.exe
        11⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
        12⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21700.exe
        13⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
        13⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 236
        11⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        9⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        8⤵
        Program crash
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        7⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 188
        8⤵
        Program crash
        
        PID:2900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43803.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        11⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
        12⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
        13⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
        12⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58032.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45749.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        10⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6533.exe
        11⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        11⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        10⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 220
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        10⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        11⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        12⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        10⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        7⤵
        Program crash
        
        PID:3724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        7⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14654.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        12⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
        13⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        12⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        10⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        10⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe
        11⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        11⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        10⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        9⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
        8⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
        10⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        10⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        8⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        7⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55572.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        11⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        12⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        11⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        8⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21593.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-72.exe
        9⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59242.exe
        10⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        10⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        9⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        8⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 220
        7⤵
        
        PID:5640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        5⤵
        Program crash
        
        PID:2596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14555.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        12⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
        13⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
        13⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        12⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        11⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12417.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
        10⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        11⤵
        
        PID:1352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 220
        12⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
        11⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        10⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        11⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        12⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
        12⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        11⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        8⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220
        7⤵
        Program crash
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34789.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        11⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
        12⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        9⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
        10⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        11⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        10⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        9⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 240
        7⤵
        Program crash
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        6⤵
        Program crash
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2116.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3580.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51629.exe
        11⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62099.exe
        12⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
        12⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        11⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        10⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        7⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53258.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43907.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        10⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        11⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
        11⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        10⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        8⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        7⤵
        
        PID:4196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        6⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49610.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        10⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
        11⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
        11⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        10⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        9⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        8⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        7⤵
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
        6⤵
        Program crash
        
        PID:3028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        5⤵
        Program crash
        
        PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51556.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
        11⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
        12⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34307.exe
        9⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        10⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33319.exe
        11⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
        11⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
        10⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        9⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        8⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        7⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4493.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        10⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1829.exe
        11⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        11⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        10⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        9⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        8⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        7⤵
        
        PID:4316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        6⤵
        Program crash
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
        6⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12360.exe
        7⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17161.exe
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21863.exe
        9⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        10⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2976.exe
        11⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
        11⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
        10⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        9⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        8⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        7⤵
        
        PID:5176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        6⤵
        Program crash
        
        PID:3480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        5⤵
        Program crash
        
        PID:2540
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
      4⤵
      Program crash
      PID:1312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2744
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
  2⤵
  - Program crash
  PID:2716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe

Filesize
184KB

MD5
e64f5ea56d9c7602dc4e6525461b7607

SHA1
60c34ce804ee34fdeb5060ecdd4e2c2e55833c8c

SHA256
c4430f6cfe282faba6307a423d2bbfce3b47327f06b81ae255c6774fb29fe156

SHA512
534006ee3abe09e42f12e3a9ccbd61e89a5307b382917121c5a04a628cb895556afeec037675641c3112014fa095448f446586bccc261499ba46d733d1a9ad58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe

Filesize
184KB

MD5
bfacd8688979e6abf58b81eec2432380

SHA1
6c7b2af5d8f1df8fb33aaa93f4321b3a54c3f5ee

SHA256
90d494e6433c8f2e83acb3468cd8820691d429f68c4106afe550206703776d57

SHA512
7eabde4a7dcd0c442b593d9bd0966d0d127c78f65499f766e71490e01ec25c06cbe355c41556263d63ce38895f7096693a7625085cc2bef9c9824ba08ab694aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe

Filesize
184KB

MD5
3de3098f81084f003f324d126b221400

SHA1
e6ccaa4893a76597fc6424215dacfccf10595651

SHA256
9508d6096a539b60fec4a474678e16b12a6f9452f6a64e022963ae61c3400a35

SHA512
7baa5cd22a6cf6bfb1e0b713db91fd3cfacf20e5804b494688e5d4e6ef3939abb309775fccf0c38f4bd0bb016d1f8ef3bb5ee9ebbf03ff8eff7c37381a5cad60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51052.exe

Filesize
184KB

MD5
7df9bf9f84cba67c553e4fb5c015a109

SHA1
0cee5dbea3e10cc174fcbd33d08ae6a744e20ad5

SHA256
6d5f26e76c71a4f0ad2c8f8ad08597faa87c086c9b90827fb03b0d65b6a47c53

SHA512
a1a839be4de8e1c120eb1c0d880acc6adfe4bc72354636fdc7ccacd5f78d2baf13a964238000117ff9ca6658d3e9844625908f4bfc57a5954d8f587514a19cff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe

Filesize
184KB

MD5
c76a3a613158dec2e5e0fcaaca0c2472

SHA1
385026d4208f42808b3ec0595eb92c0322fef41d

SHA256
872225e29b696296411cdfb0b5f27f2ab2027eb93fa5e7e2151ac7eb29ceadb4

SHA512
32215a2b146639388c10f7b1a19f9ff69630b6c89a11e907c0cc70c25f72461cc1919f6edf43196bf1f06d40642bcd1d234dd37260ac806f87dddfd790f6911f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56995.exe

Filesize
184KB

MD5
47074c24cf9c0126c811808fb65e9855

SHA1
729e0f3833c0f27f829a17e6c13a86418af4fc2e

SHA256
82fbc60bd1125d9d9e60d99cff2045a08969221ff67896024333a54f6949d842

SHA512
26a6bdd9678b172ad3115f88bcb67f85104e7e8a8ea29c02c783543bc33ebac4f3e705f30475cb1b74b05f15e3e51443eec68dec6cd0f749dce87c19e8cc2291

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe

Filesize
184KB

MD5
2d1bf83e9c719c72109fef01bcfea033

SHA1
3112f49745d3dd7d38e19a98eae606779fcc5cc6

SHA256
39b19af38aec248df17b5982403dc0f1336c4c2204edc2350201c54ee3d1e89c

SHA512
4441a6889f025228f75f14713e0fbb6f64182fac0545984dbd003c8cf78d03f8d59172b63cf9e3bcfe1750deeba13dee0d676a2597dca528171e6461dfeaf0c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe

Filesize
184KB

MD5
deda16fb434e4d33907a0cc18bdc3c76

SHA1
65ad1e04328d01b2ae5a3a4784c758080bc8966f

SHA256
bca95e85f704aaba105f7d0179671bdf52f7e7b566853842103f1c7326ef25ae

SHA512
e6823d4cdfeea4d6a1f29454f4a15c296f9d2a7f50c9ec76b845e3882c5f4108714fe478b0e015bd951d4bc1c802faaed85e9a7f7ad5eeeb2ec4941e207e99e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe

Filesize
184KB

MD5
2005eed07a5f77ec3fce1dd510249a02

SHA1
53ef456244bef4800f99206033f9575b415d7040

SHA256
5b364236e78e94a22aed81326f1289b4e75d49379d43d8618bf0569b96a51c27

SHA512
03c48d853d3f1533cdb5fce99972c3e2ae4215c9c1be52d7d42d382bd17dfac343e3d42b5165728889edc9ff0589365410ba327767abcf83b8b5ce50818e57ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe

Filesize
184KB

MD5
fb0d71a597862746e981dbdd814c7c75

SHA1
e069f2075556a1c012432d066053af5de29f23be

SHA256
f1378a5de369fcb8fe5534d8bf299d2f227b0a060c1da44aabe99e343f5987b3

SHA512
900f60ac251e38655dd88862c9a801d393617f3bba487a7992cacdaa685c9f18a9591bb783d314c854ceed7df83abb72f7420fdabd20d1cde7a80e510bc6b78c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20923.exe

Filesize
184KB

MD5
b9ec55b3c72ec561b43147f17f5f3dfc

SHA1
bf56d50867519f44887b84f265e9c7a47aaf8194

SHA256
71f2d27ec1f68768fa5f82ea8854046cde8e16cde43d5ed21f88739a1bbcd742

SHA512
6ceba6e74873edc84dc59cdd36cdcf095dda4d00e2a36f33592043e087a7ee239ee0019b6c0ae19c111daaf5550dcb5ea1065bd713befb1a12b40ea5e0050ff0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23781.exe

Filesize
184KB

MD5
aed1d7179293cbd87dae851db6e879ee

SHA1
686a269b4e0057da2e98c0cb10416efdadb7c477

SHA256
bedcc4c4b87adf91d7492736dc1d59e588e33c854a3e4856f94b8d72434e905b

SHA512
954eefc01db6be4f4af3bd6f35478206962ee63999dd43fe6734c4220025864cb3e6de6db65f29a4d0815fa2dbe53fa493e74a1481bbe53e3d8bc0030d9338e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33258.exe

Filesize
184KB

MD5
7ffe7be892a2a759374e01fd2fd46811

SHA1
d2d1d2d5e2c245f57908f695f5141d6dd3f03e00

SHA256
99b0c6327e1656325d140e415ad1c60bb5deefad747e31c0cd23a0bce9cf6be5

SHA512
a554b09eebbe3d562e52c7e2c7d3d037c8366c398550ef63492595ae89a4efda51822b00ab521552c5b3301d157e404304741f798f153c35790dd6e1f40871cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3351.exe

Filesize
184KB

MD5
4a4a22cf34ffa22f228091d9da102422

SHA1
c15270766cde031a3daa8a301875bc671ab98022

SHA256
3515f5457facfbf957d6a20259fbbd8a106fb261a78d3c44f3ca19a3c072adda

SHA512
1036ee2b25077e84c13778766eea8215f5e825513bf3b83b09a4b63a7a5fa7f2fa79ee2b1ee00eb3dd1f006f56a35180555684375a92853497b3fb18d85f3477

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48203.exe

Filesize
184KB

MD5
67567b22e95b916a2172b0be349d6a5c

SHA1
c376980cb7bd4b0ae699c08dbe3aede0bee25db0

SHA256
ff40e7dcbded84ebccaf1e0a7efe85f53e0a419adc01d02a253b85a53f9a0719

SHA512
cce0ab4bedf4a85c1ded753b0e17543895a74fa39214e629486c1aa3177d38953e9690c5991a046d283657308727e5ac1bf39f7c7e04a083f1ff73bb9ef9c289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49594.exe

Filesize
184KB

MD5
9f2fea09d6f369b088aabebefb066c4b

SHA1
3860171324bdd5c19a57e875b74641e423c2f6e1

SHA256
ff95139c32eb4704fe90abec87f170a6615f320d5248acb6dc100bee980fc3c0

SHA512
2305f10a2ab5b81d6ceabfc70f96847f855acb34a88fc2e92db546109fa05cf764ae64cd9d68ca00ce31d390ba385d54df04a3ad2129522a0cb864c76269b01f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe

Filesize
184KB

MD5
08a7c7b676c60e047728de5cf9bf0142

SHA1
4041bf27f0b6d2590a39f6054a8dae9bcc1e9750

SHA256
8eaf78a64b597b900e5544797a998cafe077f5297939d03e1c80816d120447a1

SHA512
b41c22592dd960ecf41153aab29caa246e3dc562bf0ed1d05d7438b1af528677dc5d3e377f69145e6551e29378694750acb999de998db4bbce378bad74ff8972

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe

Filesize
184KB

MD5
527789bcd982b75f4ef339b1d7ddf89e

SHA1
69473cff6eac092ac539202509226f7b3d13ae69

SHA256
f82bbe8f1a400f0676dc4143b2e7f4430533741e8dfccb091df00489a4d36303

SHA512
643c825b849cb99dcf879ddb59c62ee038bbbef677d08f89b378684a00a87da766ab9ea4f5d0dad710c8ebe35ccde865cc86ebcd3a2cfe4534b5e6b4f1e7f6be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe

Filesize
184KB

MD5
7f52f81712d7a4b73a3a4e6e18fa881e

SHA1
c1aa50fe7d22a37daa3f001092d1a8e455197be0

SHA256
6698c0e501557ae921fc3017ac104ccd86f3f091569034803645c5f3a781e8c5

SHA512
410a7a2bda34c6e72ab77ac96d0a77b12645d568289d472e03a0b79c29d62864d7928264636e86fd261e357d9c4472e238bb64a00f7eb5a0be86c085a5ddb6d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe

Filesize
184KB

MD5
9fafcf260c538573a6f35c982801cb4e

SHA1
4d57841b3226450c622f3065ed0b5e19070dda43

SHA256
75a6e33a31c003b4b3fbde3df91e84db23eda57d116b576ab91e934cda112f65

SHA512
157b409bc9bac5a49654a09aa5db3428ff053c873bf4cfc6efcacd5dff61a677e5d0caf8e18a06e83d410bfe20d6367212b222787e89b8398826d5ff719666d9

Download Submit