9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
Size

184KB
MD5

8b832d84aa6bf153d1d51c0d0cfcfab3
SHA1

7e884eb5cc96c3b82a654c4964f3d8ab881ab294
SHA256

9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c
SHA512

18fe993740503bf0d21f118f4327c1d5bb4e7d3824bf99a174d0a8ba88abadd4f7d5d98d159091ea2d6414c086bc7177ff7827d617b765935af16d3b8bff0560
SSDEEP

3072:hr73qyoTG4OTdGnWelwLR7spAlnViF2i:hrnoQJGnEL5spAlnViF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2188	Unicorn-27353.exe
2540	Unicorn-37289.exe
2552	Unicorn-52426.exe
2788	Unicorn-41060.exe
2856	Unicorn-21194.exe
2816	Unicorn-41060.exe
2140	Unicorn-16936.exe
2516	Unicorn-14667.exe
2820	Unicorn-64683.exe
2624	Unicorn-44818.exe
1772	Unicorn-34533.exe
1964	Unicorn-229.exe
1596	Unicorn-60182.exe
1168	Unicorn-18543.exe
2280	Unicorn-39456.exe
632	Unicorn-19590.exe
2688	Unicorn-19590.exe
2888	Unicorn-4837.exe
908	Unicorn-17706.exe
1848	Unicorn-10585.exe
2488	Unicorn-21354.exe
2108	Unicorn-32406.exe
1568	Unicorn-54820.exe
1328	Unicorn-13081.exe
2084	Unicorn-55396.exe
1676	Unicorn-912.exe
2116	Unicorn-20778.exe
2920	Unicorn-37607.exe
1376	Unicorn-48660.exe
2960	Unicorn-20273.exe
3036	Unicorn-48731.exe
3004	Unicorn-38638.exe
2588	Unicorn-3251.exe
2700	Unicorn-35793.exe
2596	Unicorn-55659.exe
2536	Unicorn-37102.exe
2600	Unicorn-47387.exe
2168	Unicorn-34257.exe
2672	Unicorn-63656.exe
2764	Unicorn-26577.exe
2824	Unicorn-46443.exe
1936	Unicorn-9520.exe
2508	Unicorn-55192.exe
2336	Unicorn-42062.exe
2760	Unicorn-26542.exe
2772	Unicorn-26542.exe
1660	Unicorn-22386.exe
2756	Unicorn-50076.exe
704	Unicorn-43093.exe
1640	Unicorn-35113.exe
1348	Unicorn-16556.exe
888	Unicorn-31692.exe
1624	Unicorn-8299.exe
928	Unicorn-59939.exe
1524	Unicorn-24012.exe
1752	Unicorn-60899.exe
1512	Unicorn-21516.exe
1172	Unicorn-6763.exe
2208	Unicorn-6763.exe
2848	Unicorn-6763.exe
1408	Unicorn-6763.exe
2308	Unicorn-3919.exe
2708	Unicorn-57095.exe
2472	Unicorn-11423.exe

Loads dropped DLL 64 IoCs

pid	Process
1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
2188	Unicorn-27353.exe
2188	Unicorn-27353.exe
1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
2188	Unicorn-27353.exe
2552	Unicorn-52426.exe
2188	Unicorn-27353.exe
2552	Unicorn-52426.exe
2540	Unicorn-37289.exe
2540	Unicorn-37289.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2788	Unicorn-41060.exe
2788	Unicorn-41060.exe
2552	Unicorn-52426.exe
2552	Unicorn-52426.exe
2540	Unicorn-37289.exe
2540	Unicorn-37289.exe
2816	Unicorn-41060.exe
2856	Unicorn-21194.exe
2816	Unicorn-41060.exe
2856	Unicorn-21194.exe
1216	WerFault.exe
1784	WerFault.exe
1216	WerFault.exe
1784	WerFault.exe
1216	WerFault.exe
1784	WerFault.exe
1784	WerFault.exe
1216	WerFault.exe
1216	WerFault.exe
1784	WerFault.exe
2140	Unicorn-16936.exe
2140	Unicorn-16936.exe
2788	Unicorn-41060.exe
2788	Unicorn-41060.exe
2820	Unicorn-64683.exe
2820	Unicorn-64683.exe
1772	Unicorn-34533.exe
1772	Unicorn-34533.exe
2856	Unicorn-21194.exe
2816	Unicorn-41060.exe
2856	Unicorn-21194.exe
2816	Unicorn-41060.exe
2624	Unicorn-44818.exe
2624	Unicorn-44818.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2860	1248	WerFault.exe	27
2512	2188	WerFault.exe	28
1784	2540	WerFault.exe	29
1216	2552	WerFault.exe	30
1104	2788	WerFault.exe	33
580	2856	WerFault.exe	32
1856	2816	WerFault.exe	34
2052	2140	WerFault.exe	36
1032	2516	WerFault.exe	37
3016	2820	WerFault.exe	39
1616	1772	WerFault.exe	40
3012	2624	WerFault.exe	38
1648	1964	WerFault.exe	43
1744	1596	WerFault.exe	44
2872	2280	WerFault.exe	46
536	2688	WerFault.exe	48
268	1168	WerFault.exe	45
476	632	WerFault.exe	47
872	2888	WerFault.exe	49
2036	908	WerFault.exe	53
1208	1848	WerFault.exe	54
400	2488	WerFault.exe	55
2016	2108	WerFault.exe	56
2324	1568	WerFault.exe	57
1520	1328	WerFault.exe	58
1864	2920	WerFault.exe	62
1556	2116	WerFault.exe	61
1800	2084	WerFault.exe	59
1732	1676	WerFault.exe	60
968	1376	WerFault.exe	63
2944	2960	WerFault.exe	67
844	3036	WerFault.exe	69
1136	2588	WerFault.exe	72
2172	2600	WerFault.exe	76
2448	3004	WerFault.exe	71
1012	2824	WerFault.exe	80
892	2700	WerFault.exe	73
2880	2760	WerFault.exe	85
3200	2672	WerFault.exe	78
3228	2336	WerFault.exe	83
3236	2764	WerFault.exe	79
3244	2772	WerFault.exe	84
3252	2596	WerFault.exe	74
3260	2508	WerFault.exe	82
3284	2536	WerFault.exe	75
3312	2168	WerFault.exe	77
3336	1936	WerFault.exe	81
3564	1660	WerFault.exe	88
3580	2756	WerFault.exe	89
3688	704	WerFault.exe	95
3864	2628	WerFault.exe	167
4084	1640	WerFault.exe	96
3812	2472	WerFault.exe	110
3908	928	WerFault.exe	100
4032	1524	WerFault.exe	101
4008	1624	WerFault.exe	99
3132	1408	WerFault.exe	106
3308	1348	WerFault.exe	97
3556	2848	WerFault.exe	104
3752	1172	WerFault.exe	105
3796	888	WerFault.exe	98
4100	2208	WerFault.exe	107
4224	2620	WerFault.exe	113
4256	2948	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
2188	Unicorn-27353.exe
2540	Unicorn-37289.exe
2552	Unicorn-52426.exe
2856	Unicorn-21194.exe
2788	Unicorn-41060.exe
2816	Unicorn-41060.exe
2140	Unicorn-16936.exe
2820	Unicorn-64683.exe
2516	Unicorn-14667.exe
1772	Unicorn-34533.exe
2624	Unicorn-44818.exe
1964	Unicorn-229.exe
1596	Unicorn-60182.exe
2280	Unicorn-39456.exe
2888	Unicorn-4837.exe
632	Unicorn-19590.exe
2688	Unicorn-19590.exe
1168	Unicorn-18543.exe
908	Unicorn-17706.exe
1848	Unicorn-10585.exe
2488	Unicorn-21354.exe
2108	Unicorn-32406.exe
1568	Unicorn-54820.exe
1328	Unicorn-13081.exe
2084	Unicorn-55396.exe
2116	Unicorn-20778.exe
1676	Unicorn-912.exe
2920	Unicorn-37607.exe
1376	Unicorn-48660.exe
2960	Unicorn-20273.exe
3036	Unicorn-48731.exe
3004	Unicorn-38638.exe
2588	Unicorn-3251.exe
2700	Unicorn-35793.exe
2596	Unicorn-55659.exe
2536	Unicorn-37102.exe
2600	Unicorn-47387.exe
2168	Unicorn-34257.exe
2764	Unicorn-26577.exe
1936	Unicorn-9520.exe
2672	Unicorn-63656.exe
2824	Unicorn-46443.exe
2336	Unicorn-42062.exe
2508	Unicorn-55192.exe
2760	Unicorn-26542.exe
2772	Unicorn-26542.exe
1660	Unicorn-22386.exe
2756	Unicorn-50076.exe
704	Unicorn-43093.exe
1640	Unicorn-35113.exe
1348	Unicorn-16556.exe
888	Unicorn-31692.exe
1624	Unicorn-8299.exe
928	Unicorn-59939.exe
1524	Unicorn-24012.exe
1752	Unicorn-60899.exe
1512	Unicorn-21516.exe
2208	Unicorn-6763.exe
1172	Unicorn-6763.exe
1408	Unicorn-6763.exe
2848	Unicorn-6763.exe
2472	Unicorn-11423.exe
2308	Unicorn-3919.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2188	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	28
PID 1248 wrote to memory of 2188	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	28
PID 1248 wrote to memory of 2188	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	28
PID 1248 wrote to memory of 2188	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	28
PID 2188 wrote to memory of 2540	2188	Unicorn-27353.exe	29
PID 2188 wrote to memory of 2540	2188	Unicorn-27353.exe	29
PID 2188 wrote to memory of 2540	2188	Unicorn-27353.exe	29
PID 2188 wrote to memory of 2540	2188	Unicorn-27353.exe	29
PID 1248 wrote to memory of 2552	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	30
PID 1248 wrote to memory of 2552	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	30
PID 1248 wrote to memory of 2552	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	30
PID 1248 wrote to memory of 2552	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	30
PID 1248 wrote to memory of 2860	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	31
PID 1248 wrote to memory of 2860	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	31
PID 1248 wrote to memory of 2860	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	31
PID 1248 wrote to memory of 2860	1248	9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe	31
PID 2188 wrote to memory of 2856	2188	Unicorn-27353.exe	32
PID 2188 wrote to memory of 2856	2188	Unicorn-27353.exe	32
PID 2188 wrote to memory of 2856	2188	Unicorn-27353.exe	32
PID 2188 wrote to memory of 2856	2188	Unicorn-27353.exe	32
PID 2552 wrote to memory of 2788	2552	Unicorn-52426.exe	33
PID 2552 wrote to memory of 2788	2552	Unicorn-52426.exe	33
PID 2552 wrote to memory of 2788	2552	Unicorn-52426.exe	33
PID 2552 wrote to memory of 2788	2552	Unicorn-52426.exe	33
PID 2540 wrote to memory of 2816	2540	Unicorn-37289.exe	34
PID 2540 wrote to memory of 2816	2540	Unicorn-37289.exe	34
PID 2540 wrote to memory of 2816	2540	Unicorn-37289.exe	34
PID 2540 wrote to memory of 2816	2540	Unicorn-37289.exe	34
PID 2188 wrote to memory of 2512	2188	Unicorn-27353.exe	35
PID 2188 wrote to memory of 2512	2188	Unicorn-27353.exe	35
PID 2188 wrote to memory of 2512	2188	Unicorn-27353.exe	35
PID 2188 wrote to memory of 2512	2188	Unicorn-27353.exe	35
PID 2788 wrote to memory of 2140	2788	Unicorn-41060.exe	36
PID 2788 wrote to memory of 2140	2788	Unicorn-41060.exe	36
PID 2788 wrote to memory of 2140	2788	Unicorn-41060.exe	36
PID 2788 wrote to memory of 2140	2788	Unicorn-41060.exe	36
PID 2552 wrote to memory of 2516	2552	Unicorn-52426.exe	37
PID 2552 wrote to memory of 2516	2552	Unicorn-52426.exe	37
PID 2552 wrote to memory of 2516	2552	Unicorn-52426.exe	37
PID 2552 wrote to memory of 2516	2552	Unicorn-52426.exe	37
PID 2540 wrote to memory of 2624	2540	Unicorn-37289.exe	38
PID 2540 wrote to memory of 2624	2540	Unicorn-37289.exe	38
PID 2540 wrote to memory of 2624	2540	Unicorn-37289.exe	38
PID 2540 wrote to memory of 2624	2540	Unicorn-37289.exe	38
PID 2816 wrote to memory of 2820	2816	Unicorn-41060.exe	39
PID 2816 wrote to memory of 2820	2816	Unicorn-41060.exe	39
PID 2816 wrote to memory of 2820	2816	Unicorn-41060.exe	39
PID 2816 wrote to memory of 2820	2816	Unicorn-41060.exe	39
PID 2856 wrote to memory of 1772	2856	Unicorn-21194.exe	40
PID 2856 wrote to memory of 1772	2856	Unicorn-21194.exe	40
PID 2856 wrote to memory of 1772	2856	Unicorn-21194.exe	40
PID 2856 wrote to memory of 1772	2856	Unicorn-21194.exe	40
PID 2552 wrote to memory of 1216	2552	Unicorn-52426.exe	41
PID 2552 wrote to memory of 1216	2552	Unicorn-52426.exe	41
PID 2552 wrote to memory of 1216	2552	Unicorn-52426.exe	41
PID 2552 wrote to memory of 1216	2552	Unicorn-52426.exe	41
PID 2540 wrote to memory of 1784	2540	Unicorn-37289.exe	42
PID 2540 wrote to memory of 1784	2540	Unicorn-37289.exe	42
PID 2540 wrote to memory of 1784	2540	Unicorn-37289.exe	42
PID 2540 wrote to memory of 1784	2540	Unicorn-37289.exe	42
PID 2140 wrote to memory of 1964	2140	Unicorn-16936.exe	43
PID 2140 wrote to memory of 1964	2140	Unicorn-16936.exe	43
PID 2140 wrote to memory of 1964	2140	Unicorn-16936.exe	43
PID 2140 wrote to memory of 1964	2140	Unicorn-16936.exe	43

C:\Users\Admin\AppData\Local\Temp\9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe
"C:\Users\Admin\AppData\Local\Temp\9c299e007ba3f692e341b572e5496351ccc51bf2cfdea524a6c401471770415c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43950.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
        11⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
        12⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
        13⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-608.exe
        14⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
        14⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        13⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        12⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21082.exe
        13⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        14⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        12⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        10⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        9⤵
        Program crash
        
        PID:1012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        8⤵
        Program crash
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        11⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        13⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        14⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
        14⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
        13⤵
        
        PID:12248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
        10⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        9⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38134.exe
        12⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        13⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33793.exe
        14⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
        13⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        7⤵
        Program crash
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45294.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
        11⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        12⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        13⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
        13⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        9⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        8⤵
        Program crash
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        11⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54688.exe
        12⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        13⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        12⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 236
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 220
        10⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 216
        8⤵
        Program crash
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 220
        7⤵
        Program crash
        
        PID:1732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        6⤵
        Program crash
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        10⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        11⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49055.exe
        12⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        13⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 208
        14⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 220
        13⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        12⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        11⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        10⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28223.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        12⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        13⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 216
        13⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19335.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        11⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        12⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        13⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        13⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 220
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        11⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
        9⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        8⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2907.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        11⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        12⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
        13⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 220
        12⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        11⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4671.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14820.exe
        10⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        11⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        12⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 220
        12⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        11⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        10⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        8⤵
        Program crash
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        Program crash
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59982.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        12⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        13⤵
        
        PID:12348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        13⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        12⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        11⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27511.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        11⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        12⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
        12⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        11⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        10⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
        10⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        11⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 220
        12⤵
        
        PID:13892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        11⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        8⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        10⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
        11⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
        12⤵
        
        PID:14176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11456 -s 216
        12⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        10⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        7⤵
        Program crash
        
        PID:3228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56222.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
        10⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        11⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
        12⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25521.exe
        13⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40145.exe
        14⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
        14⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
        13⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 236
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        11⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
        10⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        11⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        12⤵
        
        PID:9928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        13⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 220
        13⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        12⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 220
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        8⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63864.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14816.exe
        13⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        13⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        12⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        11⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 236
        9⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        8⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10707.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41809.exe
        12⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
        13⤵
        
        PID:13564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
        13⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        12⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4479.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        10⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        11⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        12⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
        12⤵
        
        PID:13820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 220
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        7⤵
        Program crash
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39201.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16595.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        11⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        12⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34636.exe
        13⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 236
        13⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36573.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        10⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        11⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11091.exe
        12⤵
        
        PID:11980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9744.exe
        13⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
        12⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 220
        11⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
        8⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        11⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 208
        12⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 220
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        10⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        8⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        6⤵
        Program crash
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33424.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        11⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32011.exe
        12⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31042.exe
        14⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        13⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        12⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17705.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        11⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9212.exe
        12⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
        12⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
        11⤵
        
        PID:884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        8⤵
        Program crash
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24480.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
        10⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13084.exe
        11⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        12⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
        11⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
        10⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        9⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
        8⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        6⤵
        Executes dropped EXE
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47395.exe
        11⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        12⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        12⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 220
        10⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        9⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 216
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        8⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        9⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
        10⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
        11⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
        10⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        9⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        8⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 220
        7⤵
        
        PID:5188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        6⤵
        Program crash
        
        PID:968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        5⤵
        Program crash
        
        PID:3012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        11⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62958.exe
        12⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        13⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        14⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11364 -s 236
        14⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
        13⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
        11⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44152.exe
        12⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3306.exe
        13⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 220
        13⤵
        
        PID:13496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 220
        12⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        9⤵
        Program crash
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        11⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
        12⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
        13⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 236
        12⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
        11⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        10⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        9⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        Program crash
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        8⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        10⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        11⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41426.exe
        12⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 220
        12⤵
        
        PID:13800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        11⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        11⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
        12⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41792.exe
        13⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
        13⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
        11⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29463.exe
        11⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15573.exe
        12⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9897.exe
        13⤵
        
        PID:14192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 220
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 220
        9⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        10⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        11⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        12⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 236
        12⤵
        
        PID:14328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        11⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        10⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        8⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        7⤵
        Program crash
        
        PID:3312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        6⤵
        Program crash
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57778.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28545.exe
        11⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
        12⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30725.exe
        13⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12052 -s 216
        13⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        11⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        10⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        9⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
        10⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
        11⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        12⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
        11⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        9⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26144.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27768.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48106.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60627.exe
        11⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        12⤵
        
        PID:13480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12184 -s 216
        12⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
        11⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        7⤵
        Program crash
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
        6⤵
        Program crash
        
        PID:1520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        5⤵
        Program crash
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48623.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        11⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        12⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        11⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        9⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        9⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8175.exe
        10⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
        11⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        12⤵
        
        PID:14248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
        11⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        10⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        9⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        8⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46830.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8555.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27141.exe
        10⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        11⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        11⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 220
        10⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        9⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        8⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        7⤵
        
        PID:4432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 220
        6⤵
        Program crash
        
        PID:2172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
        5⤵
        Program crash
        
        PID:476
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22386.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        11⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
        12⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        13⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7056.exe
        14⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
        15⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11984 -s 216
        15⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
        14⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 236
        13⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        11⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        11⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29816.exe
        12⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        13⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
        14⤵
        
        PID:13372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11940 -s 216
        14⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        13⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        12⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        11⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        9⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        12⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
        13⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        14⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
        14⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        12⤵
        
        PID:1320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        10⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        9⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        10⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        11⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        12⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
        13⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        14⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11908 -s 216
        14⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 216
        13⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
        12⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13569.exe
        11⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9217.exe
        12⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
        13⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11880 -s 216
        13⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
        11⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        10⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        10⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        12⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        13⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        14⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11852 -s 216
        14⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 236
        13⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
        12⤵
        
        PID:10120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        11⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31643.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        10⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        11⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 220
        12⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 220
        10⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        8⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        9⤵
        Program crash
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        8⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        7⤵
        Program crash
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
        12⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 224
        13⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        12⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        11⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47356.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 220
        11⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        10⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        8⤵
        Program crash
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
        9⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 244
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62261.exe
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 244
        10⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
        9⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        8⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        7⤵
        Program crash
        
        PID:844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        7⤵
        Program crash
        
        PID:2448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        6⤵
        Program crash
        
        PID:1208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        5⤵
        Program crash
        
        PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20104.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
        11⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        13⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
        13⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 220
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        11⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        12⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        13⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        11⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45915.exe
        12⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 220
        12⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        10⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10671.exe
        11⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7495.exe
        12⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-312.exe
        13⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 236
        11⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        8⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        11⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45553.exe
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
        12⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18692.exe
        9⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        10⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33894.exe
        11⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        12⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
        11⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 236
        10⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        9⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        7⤵
        Program crash
        
        PID:3796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        6⤵
        Program crash
        
        PID:400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26516.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        10⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        11⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37328.exe
        12⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        12⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        11⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
        9⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        10⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
        11⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
        11⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        10⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        7⤵
        Program crash
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42762.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
        8⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51722.exe
        9⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4214.exe
        10⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        11⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
        11⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        10⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        9⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        7⤵
        
        PID:4588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        6⤵
        Program crash
        
        PID:892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        5⤵
        Program crash
        
        PID:1744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55659.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        9⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15324.exe
        10⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
        11⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25377.exe
        12⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        10⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        8⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 216
        7⤵
        Program crash
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22809.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27158.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        9⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        10⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39621.exe
        11⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 220
        11⤵
        
        PID:14064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        10⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        9⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        8⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
        7⤵
        
        PID:2144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
        6⤵
        Program crash
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44765.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        9⤵
        
        PID:9572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28336.exe
        10⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
        10⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        9⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        8⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        7⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        6⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
        7⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        8⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        9⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
        10⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 220
        10⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        9⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        8⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        7⤵
        
        PID:6368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        5⤵
        Program crash
        
        PID:2016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 216
      4⤵
      Program crash
      PID:1032
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1216
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
  2⤵
  - Program crash
  PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe

Filesize
184KB

MD5
c61a12f6ae76dfc270471d6975aa3787

SHA1
262eb769db79df358dc6446803fa69f26f628232

SHA256
6ce8da5b09108dfdb2f2309f8705899eb90c8d29ebd8da25464bbc9cb6a38f9c

SHA512
7ddc45c32392d1c43dd3f55ad81a5f1cc08a2c6409a89a099a14f0f68465dac9b4b593c29e76fdb62f53485ba3aa178ca0a6a627e38dc84b340dc32dcdb69c6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe

Filesize
184KB

MD5
b9082d44a7b01774f579e102aa1300dd

SHA1
3a83c1f5c9da9868a797d1a2601b5926baaee9ba

SHA256
3cfb27197194b62d2ab2aff7fb1d4a602eae517aea455b330c44c9f2bd95f9c0

SHA512
28d7628a40caa4ea88b1bf113d77af52cad858c2ee8967f638d97ad4fdc873b3dfc27ade7d2d70927211b61116016d5b27d864a7aaac1b8ccc469f336e29edd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe

Filesize
184KB

MD5
bddb398e6dba7873f9c3b36dc0981df0

SHA1
07e74fbbbf788fc15138280d6dd45ce4eeaf2671

SHA256
707cab6574a90eaf3ae6001fa4fbe2febe0386aa94ebe5d6d700218465324da9

SHA512
40af26492b0657213ac33b8d1534d16ad6cfb9e0fb075695fbe5f14cf50b34f60d46f3ffd9f88138715e99e1acb691d7281f5cc53bd3574c7b81e50dd118df57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe

Filesize
184KB

MD5
6833d2c3653a422f6b0553af623e0f84

SHA1
ee1a6a360b143ef117dd46a5486aecaac8f69052

SHA256
fca41afe08592d762034c27da58645b6834e23f5bdc410308e9f3a63194c41cc

SHA512
9ee52bdc5c8236e389c67456fb55805301244358371bb6558d4d72d15d47dc85331108718de16d99e17051b30ef202a7fb12613a037df68a41a697487846ab49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe

Filesize
184KB

MD5
5f07dedcff95fa4883a916c3f6b24476

SHA1
4e344601df939da4931e4f202db4f06e083a3874

SHA256
4a285d9c63e51c4009b8c03a9f1c1051ecda24323d252a5a9fda399a372c8178

SHA512
5f50aad952ad9ff8f8e4b046af5aeb334e4a4acd807634ef626f6ca66ec1eff7b45011471877f6490dceb2d2da7855c35801e0033b013aded6b06b16ec3dbc10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe

Filesize
184KB

MD5
808e6a734d51e64c0a0df0795ad28808

SHA1
51991a94181f095bcf7bea5b802bf497570457f6

SHA256
04b8def774a78df5ba7415a3489500f59a7c14b31c536353a26e85793223ce03

SHA512
8d4a8f1b0bba445e7c8a903ea9ccf06d5d2c18ba3ee5ea76405215826431e2ae4385a23bafc00ed87efa8fbac416dd9c3e2d7df53754fdcc372bbff91e50aa96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe

Filesize
184KB

MD5
a24d68dbbf0220c054e7ab38dff15c44

SHA1
72448e99179ace796d28ddf86cb5db8d35e06128

SHA256
ae091bb4d522a4fb7785580382756cce0bb9121bcc66b73dfee51e6b74895aba

SHA512
52ac933847aadf7d4ef97ba81d28e210e81bd8cba5249d31cae8e4d07d301080102379d5986f84e0de7dedceead3dbd922ea84b17beb783f90e1b997352b0d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe

Filesize
184KB

MD5
67cbe2a51102341f3f2427de6ad5c135

SHA1
90fa10f3293f48174fd27e3b396ea8c78a6b28de

SHA256
f1dcb08c25d97d8cc06de190248d5b7eb203f279d882718d0ee85929027d2627

SHA512
b2b770bd320ceb67eaa06d493362757182ea5e71154cfebf946d4950d08e9d5976bc13a237f16ff207c8f0f5d7befb1fb821ca87962213eb187fa835ddbdf356

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe

Filesize
184KB

MD5
319d2507f36436640264441e2d6208d6

SHA1
1defe3ccc51fa2d6c8539a70769a83ac04471241

SHA256
c1138fd9b7ba9c160ce58bc1ff62167a35f6b8492d8d72d2dd6979df532b0680

SHA512
b1e641836846616d7cd105cabeb5e5069b314a4fcfdbdf4a1da22e2dc667ee2545e0e19e5c050b2a0c7175ea3c3970773b0ffd013be8789575b82fd8cf4023ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe

Filesize
184KB

MD5
33e7007b2415ac67d2fa5911c146b584

SHA1
991d0162e1249e1cf6cbc73a230725156ee175e3

SHA256
b21c824030c795fc84c4055c54f862511a41bddd658844e413a7e2b3c03c506b

SHA512
ccfa7f327a3a8c67bcf55b314e1527711a682adb2e96d49aa794da1f52df0cf5e6816c304e1f18fa10e80172c51ee122f41e946a94c83fa031e1f1f2b5ceed1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe

Filesize
184KB

MD5
3bf24852426398f8fcdcc53f83443682

SHA1
008e5fd0a616990d780d8ef38a64106445b6d946

SHA256
dfd58901f8865ce086082af558c6a795ca76362b6b2e441912394564c0df6f43

SHA512
4dcb278acb861fa8d376f5e18abae2abedb09d37eaaa4cee4231ecc844192d01ded801205b16a83124239cea9343e2e10406c3b9e6b7e6b7b001810a9c1bdde4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe

Filesize
184KB

MD5
09bcb7a6606ba1181cc92ad108bb21f9

SHA1
03d7ac17b838e55b95af327a16aafe094bea3888

SHA256
832f83853c848d6b0a98e075ebfd01e78cc297ff0876ebde5a21758339841d82

SHA512
59c321b82ce3f81d61646c2ba2e602931c4e61068d67d559baa30b7dfd72ccd637b47ff44c27ed8ac51596539d534733c6136fa4ccf9cf6dd0c6f6b126914e2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16936.exe

Filesize
184KB

MD5
aab2261e732402fc10e64403a3536f67

SHA1
001e3c1eaa81163d606b9cc45ca38d82a12b8e40

SHA256
a91da28f03eb2fbaedb07e77fb548b320e39aa713288ed2672cb15b272c8f1ba

SHA512
c17f6da1c57a1de454ce096b2f762c3979ef049ff303c2b2a35eae0e45c397f6666d1d57db1fc46ef51447f500e4d73cfb425d679f40a05fac2108b9fab81d00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe

Filesize
184KB

MD5
eb44747db2eca6605af307d245c76e6a

SHA1
3de58d94dfbbae540fc1d18f08bf479606da06fc

SHA256
4d6ae05a3b82eada6f06e61e5820d1a76247e3c8b425cf88e1df1e88b7918352

SHA512
337efb65d524c5df2e77a6dbd44a535c24bb5be6fa8f4dd9b060d65abb280c007728e18a86578318668cbe2cb0f00fd39f16b8095b41352c1932ac647922de68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-229.exe

Filesize
184KB

MD5
c376bee8861bb7f9757b57b38fce3b50

SHA1
bfcad42f03a7c3ea85e4ed32d9c1cef586cd67a4

SHA256
99d5d250978559b76246b9878d7fcf00bc1d10012f6a59b17d8b1c6da32d90d0

SHA512
967a463fc38507ed86dcd62a2942f3976b06f4e08dc0b147d7fda2f2e0aa06a3bb046fe4f6e1770076f79d3a98c0ac3a896f8722c0faea5f1e858977d2d61fca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27353.exe

Filesize
184KB

MD5
144824cff7c25366c4c40c94c01719a4

SHA1
e69ccc644632811e13c99a4159fe882b401fab28

SHA256
d6236858610d79503497bdb9c23c87ccb003e23c0ad06077e78aaf6b3507c1dc

SHA512
dccdfa86b342fcdefbe496aa68e9e362cf408188e5061955a245f2bde14efd65b04b27c5200002b41b5c151e8e0d201b8b0d0e09619b301750189c7ca4868813

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe

Filesize
184KB

MD5
a62678e1487f9b4bad57490826af1680

SHA1
6cd1cbe977e4647d20327e238383d5e34daae420

SHA256
7a90e2fc8489afae3ac17cfdf9abc3aa2c76207350eaab765bde44e80d5e0fcc

SHA512
6a59a055276c722c004ce96803f7f880996e9590f923b0f4f948514afd0b208af4744c3b8232d6ac28dbc3b8cacc1caa359e69cb61a2ea1ea42be5cfca517e17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37289.exe

Filesize
184KB

MD5
7370d601f2a960ae77f063dcd3087a2f

SHA1
633a5ee6cfc5153a5765b78c124c4ed5bca58888

SHA256
75b7fab341344addafb8694b649c3002e2bfb7c9c510ebd8ae457bde88deb60a

SHA512
bda766e0bc6237c700ed6b700d1cfe4ced7ae418f1477bc98160a3999b37bd219697010209067755bf9a90f873b45c4b746416b943b61d8ffbe283197cc87a36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe

Filesize
184KB

MD5
1ae6a0d79e53b2d3a536fb2cb0cb3091

SHA1
09364fd1a249e162539ed62b6d56fbbfff612bda

SHA256
a22c05eff6b7e1b7e117c1979a303edfc4f76f12a2d064178aec9448db75f491

SHA512
9ddee9859bca7b15bf36075c41d8522ac74259a59a736cbf232efc1866f5a4467658b40c99a86f3986b6e570ea5d5710d9ef8337e3575787c119f073dac5614b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe

Filesize
184KB

MD5
944bed4a2310b5cb702a1e94e12a626c

SHA1
838e16aac056546023b43136f05e3f7fbdcc35ea

SHA256
f4d594b7ea7f4af78b548f511936ed856ed44a958b6a59713391ec1b6e49a384

SHA512
d5a98809bb612c5948ea9ef1879abc9708ce45be8b4b9621017c3a2e8292a0fa8fd6f96fdf37dad25b0136984989fc99bab36f19e9650b2ec5bfab792f3db59e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe

Filesize
184KB

MD5
1c0a93eda33263773d43c9d73387ca2f

SHA1
c505150d7b47aed154e9dc8165f93fd1c905670c

SHA256
ecac8c2bb8123bda0480d0a19360ddae31ead37b30741b24b91091d0d4abd2b4

SHA512
e00a3d3b3bebda17335937f1357c0d5bf9d43a39ce8bb6c69e80f7f6593d5c2799675a39ded50f576a8e3a1df07570e229136af69df9b980026aa3ff167a3fd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe

Filesize
184KB

MD5
3627d14eb6074bef0ef58c41651c72db

SHA1
277c673fdb87a18f01d8c7e80fb3faa2c6bc800b

SHA256
4bc4df4eff8a0110689ba4b1f107dfa2212424de311757c64cfc4cc2b832fe95

SHA512
d83a102c0df8270d34680f5da7655d51f0d71a89b5231cb5b2e51a4f3b42d203a1949b73d88b857634c960776546a10ea9bd5e5cd505a351f18baf533ba8ffc3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads