923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
Size

184KB
MD5

29e08557de292515bcca3787ef1dbb3e
SHA1

8656ae0574af272e5a7add90f24de9cebe4fd981
SHA256

923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368
SHA512

5fe64d0c6a6904e53cba8cb17feebd865d7186b949e715c41aa63ee94819a50611afba15d4b24cb583519bafa15e9a6d44dab542e130803bb1d39d1eed7940fc
SSDEEP

3072:OKH3JkoT2k4TbG4We/nLRbs+hs2ViFgnd:OKyoC/G4dLZs+hs2ViFg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-54889.exe
2076	Unicorn-36306.exe
2744	Unicorn-4188.exe
2700	Unicorn-53794.exe
496	Unicorn-6731.exe
2564	Unicorn-52403.exe
2816	Unicorn-15174.exe
2780	Unicorn-64930.exe
1620	Unicorn-45901.exe
1828	Unicorn-11645.exe
1964	Unicorn-31511.exe
1520	Unicorn-50068.exe
2340	Unicorn-34286.exe
2920	Unicorn-23426.exe
2952	Unicorn-5527.exe
320	Unicorn-38946.exe
748	Unicorn-62896.exe
1316	Unicorn-32170.exe
988	Unicorn-63451.exe
1548	Unicorn-21034.exe
1536	Unicorn-52315.exe
1880	Unicorn-64012.exe
884	Unicorn-38116.exe
1132	Unicorn-7390.exe
2976	Unicorn-39508.exe
2004	Unicorn-23726.exe
1092	Unicorn-43592.exe
2684	Unicorn-47759.exe
2736	Unicorn-17033.exe
2732	Unicorn-62704.exe
2572	Unicorn-64287.exe
2560	Unicorn-48506.exe
2616	Unicorn-58065.exe
2660	Unicorn-27339.exe
2428	Unicorn-59819.exe
2876	Unicorn-9227.exe
1700	Unicorn-47567.exe
2152	Unicorn-31785.exe
1668	Unicorn-51651.exe
2804	Unicorn-46965.exe
624	Unicorn-44505.exe
2324	Unicorn-17308.exe
2036	Unicorn-62979.exe
3068	Unicorn-45896.exe
1500	Unicorn-57956.exe
1488	Unicorn-7364.exe
1788	Unicorn-19062.exe
2168	Unicorn-34006.exe
1612	Unicorn-3280.exe
1348	Unicorn-53872.exe
992	Unicorn-17116.exe
2432	Unicorn-41620.exe
1568	Unicorn-56565.exe
2728	Unicorn-45704.exe
2100	Unicorn-60649.exe
2828	Unicorn-33452.exe
2708	Unicorn-48397.exe
1628	Unicorn-57354.exe
1832	Unicorn-49741.exe
1928	Unicorn-55600.exe
1032	Unicorn-22928.exe
1816	Unicorn-27566.exe
1088	Unicorn-16706.exe
1056	Unicorn-51324.exe

Loads dropped DLL 64 IoCs

pid	Process
2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
2416	Unicorn-54889.exe
2416	Unicorn-54889.exe
2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
2076	Unicorn-36306.exe
2416	Unicorn-54889.exe
2076	Unicorn-36306.exe
2416	Unicorn-54889.exe
2744	Unicorn-4188.exe
2744	Unicorn-4188.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
2700	Unicorn-53794.exe
2700	Unicorn-53794.exe
2076	Unicorn-36306.exe
2076	Unicorn-36306.exe
496	Unicorn-6731.exe
496	Unicorn-6731.exe
2564	Unicorn-52403.exe
2744	Unicorn-4188.exe
2744	Unicorn-4188.exe
2564	Unicorn-52403.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
1552	WerFault.exe
2776	WerFault.exe
2816	Unicorn-15174.exe
2816	Unicorn-15174.exe
2700	Unicorn-53794.exe
2700	Unicorn-53794.exe
2780	Unicorn-64930.exe
2780	Unicorn-64930.exe
1620	Unicorn-45901.exe
1620	Unicorn-45901.exe
496	Unicorn-6731.exe
496	Unicorn-6731.exe
1828	Unicorn-11645.exe
1828	Unicorn-11645.exe
1964	Unicorn-31511.exe
1964	Unicorn-31511.exe
2564	Unicorn-52403.exe
2564	Unicorn-52403.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
408	WerFault.exe
408	WerFault.exe
408	WerFault.exe
408	WerFault.exe
408	WerFault.exe
1292	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2672	2164	WerFault.exe	27
1156	2416	WerFault.exe	28
1552	2076	WerFault.exe	29
2776	2744	WerFault.exe	30
608	2700	WerFault.exe	32
408	496	WerFault.exe	34
1292	2564	WerFault.exe	33
2496	2340	WerFault.exe	44
1836	2920	WerFault.exe	45
236	748	WerFault.exe	48
1764	1316	WerFault.exe	49
2072	1828	WerFault.exe	40
1720	2816	WerFault.exe	36
2096	2780	WerFault.exe	37
380	1620	WerFault.exe	38
3000	1964	WerFault.exe	39
2508	1520	WerFault.exe	43
1404	2952	WerFault.exe	46
2016	320	WerFault.exe	47
2252	988	WerFault.exe	50
1872	2616	WerFault.exe	76
684	1500	WerFault.exe	92
2648	1700	WerFault.exe	80
2552	1548	WerFault.exe	55
2884	1536	WerFault.exe	56
3036	1880	WerFault.exe	57
1952	884	WerFault.exe	59
276	1132	WerFault.exe	60
2156	2976	WerFault.exe	63
2276	2004	WerFault.exe	64
1416	1092	WerFault.exe	66
2656	992	WerFault.exe	100
2916	2876	WerFault.exe	79
1752	1568	WerFault.exe	102
2756	2736	WerFault.exe	72
2580	2684	WerFault.exe	71
2772	2732	WerFault.exe	73
2636	2560	WerFault.exe	75
1048	2660	WerFault.exe	77
2504	2428	WerFault.exe	78
2092	2152	WerFault.exe	81
2224	1668	WerFault.exe	82
3164	2800	WerFault.exe	136
3304	2592	WerFault.exe	131
3580	2632	WerFault.exe	127
3812	2804	WerFault.exe	85
4012	2036	WerFault.exe	89
332	2324	WerFault.exe	88
3112	624	WerFault.exe	86
3184	1636	WerFault.exe	155
3156	1612	WerFault.exe	97
3188	3068	WerFault.exe	91
3244	1788	WerFault.exe	95
3332	1348	WerFault.exe	98
3408	1488	WerFault.exe	93
3996	2572	WerFault.exe	74
3140	2708	WerFault.exe	107
3288	2168	WerFault.exe	96
3892	2728	WerFault.exe	104
3928	2100	WerFault.exe	105
3944	2432	WerFault.exe	101
3436	3604	WerFault.exe	185
3300	2828	WerFault.exe	106
3884	1832	WerFault.exe	114

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
2416	Unicorn-54889.exe
2076	Unicorn-36306.exe
2744	Unicorn-4188.exe
2700	Unicorn-53794.exe
496	Unicorn-6731.exe
2564	Unicorn-52403.exe
2816	Unicorn-15174.exe
2780	Unicorn-64930.exe
1620	Unicorn-45901.exe
1964	Unicorn-31511.exe
1828	Unicorn-11645.exe
1520	Unicorn-50068.exe
2340	Unicorn-34286.exe
2920	Unicorn-23426.exe
2952	Unicorn-5527.exe
320	Unicorn-38946.exe
748	Unicorn-62896.exe
1316	Unicorn-32170.exe
988	Unicorn-63451.exe
1548	Unicorn-21034.exe
1536	Unicorn-52315.exe
1880	Unicorn-64012.exe
884	Unicorn-38116.exe
1132	Unicorn-7390.exe
2976	Unicorn-39508.exe
2004	Unicorn-23726.exe
1092	Unicorn-43592.exe
2684	Unicorn-47759.exe
2736	Unicorn-17033.exe
2732	Unicorn-62704.exe
2572	Unicorn-64287.exe
2560	Unicorn-48506.exe
2616	Unicorn-58065.exe
2660	Unicorn-27339.exe
2428	Unicorn-59819.exe
2876	Unicorn-9227.exe
1700	Unicorn-47567.exe
2152	Unicorn-31785.exe
1668	Unicorn-51651.exe
2804	Unicorn-46965.exe
624	Unicorn-44505.exe
2036	Unicorn-62979.exe
2324	Unicorn-17308.exe
3068	Unicorn-45896.exe
1500	Unicorn-57956.exe
1488	Unicorn-7364.exe
2168	Unicorn-34006.exe
1788	Unicorn-19062.exe
1612	Unicorn-3280.exe
1348	Unicorn-53872.exe
992	Unicorn-17116.exe
1568	Unicorn-56565.exe
2432	Unicorn-41620.exe
2828	Unicorn-33452.exe
2728	Unicorn-45704.exe
2100	Unicorn-60649.exe
2708	Unicorn-48397.exe
1628	Unicorn-57354.exe
1832	Unicorn-49741.exe
1928	Unicorn-55600.exe
1032	Unicorn-22928.exe
1816	Unicorn-27566.exe
1088	Unicorn-16706.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2416	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	28
PID 2164 wrote to memory of 2416	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	28
PID 2164 wrote to memory of 2416	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	28
PID 2164 wrote to memory of 2416	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	28
PID 2416 wrote to memory of 2076	2416	Unicorn-54889.exe	29
PID 2416 wrote to memory of 2076	2416	Unicorn-54889.exe	29
PID 2416 wrote to memory of 2076	2416	Unicorn-54889.exe	29
PID 2416 wrote to memory of 2076	2416	Unicorn-54889.exe	29
PID 2164 wrote to memory of 2744	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	30
PID 2164 wrote to memory of 2744	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	30
PID 2164 wrote to memory of 2744	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	30
PID 2164 wrote to memory of 2744	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	30
PID 2164 wrote to memory of 2672	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	31
PID 2164 wrote to memory of 2672	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	31
PID 2164 wrote to memory of 2672	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	31
PID 2164 wrote to memory of 2672	2164	923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe	31
PID 2076 wrote to memory of 2700	2076	Unicorn-36306.exe	32
PID 2076 wrote to memory of 2700	2076	Unicorn-36306.exe	32
PID 2076 wrote to memory of 2700	2076	Unicorn-36306.exe	32
PID 2076 wrote to memory of 2700	2076	Unicorn-36306.exe	32
PID 2416 wrote to memory of 2564	2416	Unicorn-54889.exe	33
PID 2416 wrote to memory of 2564	2416	Unicorn-54889.exe	33
PID 2416 wrote to memory of 2564	2416	Unicorn-54889.exe	33
PID 2416 wrote to memory of 2564	2416	Unicorn-54889.exe	33
PID 2744 wrote to memory of 496	2744	Unicorn-4188.exe	34
PID 2744 wrote to memory of 496	2744	Unicorn-4188.exe	34
PID 2744 wrote to memory of 496	2744	Unicorn-4188.exe	34
PID 2744 wrote to memory of 496	2744	Unicorn-4188.exe	34
PID 2416 wrote to memory of 1156	2416	Unicorn-54889.exe	35
PID 2416 wrote to memory of 1156	2416	Unicorn-54889.exe	35
PID 2416 wrote to memory of 1156	2416	Unicorn-54889.exe	35
PID 2416 wrote to memory of 1156	2416	Unicorn-54889.exe	35
PID 2700 wrote to memory of 2816	2700	Unicorn-53794.exe	36
PID 2700 wrote to memory of 2816	2700	Unicorn-53794.exe	36
PID 2700 wrote to memory of 2816	2700	Unicorn-53794.exe	36
PID 2700 wrote to memory of 2816	2700	Unicorn-53794.exe	36
PID 2076 wrote to memory of 2780	2076	Unicorn-36306.exe	37
PID 2076 wrote to memory of 2780	2076	Unicorn-36306.exe	37
PID 2076 wrote to memory of 2780	2076	Unicorn-36306.exe	37
PID 2076 wrote to memory of 2780	2076	Unicorn-36306.exe	37
PID 496 wrote to memory of 1620	496	Unicorn-6731.exe	38
PID 496 wrote to memory of 1620	496	Unicorn-6731.exe	38
PID 496 wrote to memory of 1620	496	Unicorn-6731.exe	38
PID 496 wrote to memory of 1620	496	Unicorn-6731.exe	38
PID 2744 wrote to memory of 1828	2744	Unicorn-4188.exe	40
PID 2744 wrote to memory of 1828	2744	Unicorn-4188.exe	40
PID 2744 wrote to memory of 1828	2744	Unicorn-4188.exe	40
PID 2744 wrote to memory of 1828	2744	Unicorn-4188.exe	40
PID 2564 wrote to memory of 1964	2564	Unicorn-52403.exe	39
PID 2564 wrote to memory of 1964	2564	Unicorn-52403.exe	39
PID 2564 wrote to memory of 1964	2564	Unicorn-52403.exe	39
PID 2564 wrote to memory of 1964	2564	Unicorn-52403.exe	39
PID 2076 wrote to memory of 1552	2076	Unicorn-36306.exe	41
PID 2076 wrote to memory of 1552	2076	Unicorn-36306.exe	41
PID 2076 wrote to memory of 1552	2076	Unicorn-36306.exe	41
PID 2076 wrote to memory of 1552	2076	Unicorn-36306.exe	41
PID 2744 wrote to memory of 2776	2744	Unicorn-4188.exe	42
PID 2744 wrote to memory of 2776	2744	Unicorn-4188.exe	42
PID 2744 wrote to memory of 2776	2744	Unicorn-4188.exe	42
PID 2744 wrote to memory of 2776	2744	Unicorn-4188.exe	42
PID 2816 wrote to memory of 1520	2816	Unicorn-15174.exe	43
PID 2816 wrote to memory of 1520	2816	Unicorn-15174.exe	43
PID 2816 wrote to memory of 1520	2816	Unicorn-15174.exe	43
PID 2816 wrote to memory of 1520	2816	Unicorn-15174.exe	43

C:\Users\Admin\AppData\Local\Temp\923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe
"C:\Users\Admin\AppData\Local\Temp\923b1113b9c6fa1e7060c887aa7b8de805ef5c17916a60e8a27955e79ce4d368.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        11⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        12⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        11⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39150.exe
        12⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57344.exe
        13⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
        14⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        15⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9817.exe
        16⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
        17⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
        17⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        16⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        15⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        14⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        13⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        11⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61760.exe
        11⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
        12⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
        13⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        14⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28080.exe
        15⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        16⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32561.exe
        17⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
        16⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        15⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 236
        14⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        13⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        12⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        11⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        10⤵
        Program crash
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27566.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        10⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21361.exe
        12⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        13⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
        14⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58389.exe
        15⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        16⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36979.exe
        17⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        16⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        15⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
        14⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        13⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        12⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        11⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        11⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 220
        12⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        11⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        10⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        9⤵
        Program crash
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55922.exe
        11⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
        12⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        13⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        14⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        15⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 224
        16⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 236
        15⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        14⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        13⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        12⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        11⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23804.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36628.exe
        11⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
        12⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34612.exe
        13⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        14⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
        15⤵
        
        PID:11668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        16⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        15⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        14⤵
        
        PID:10504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        13⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        12⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        11⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
        11⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41309.exe
        12⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        13⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7733.exe
        14⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
        15⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        16⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 236
        16⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 236
        15⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        14⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        13⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        12⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        11⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
        10⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        9⤵
        Program crash
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        Program crash
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20598.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25341.exe
        10⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        11⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
        12⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        13⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        14⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        15⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7399.exe
        16⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 224
        17⤵
        
        PID:1304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        16⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        15⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        14⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        13⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        12⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        11⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47427.exe
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        12⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        13⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
        14⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        15⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 240
        16⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 236
        15⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        14⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
        15⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
        15⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 240
        14⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        13⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
        12⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        11⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
        10⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 240
        11⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        10⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        9⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25236.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        9⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        10⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        11⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        12⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1485.exe
        13⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        14⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        15⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        16⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        16⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        15⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
        14⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        13⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        12⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        10⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42658.exe
        10⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
        12⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
        13⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59511.exe
        14⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
        14⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 236
        13⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        12⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        11⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        9⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        8⤵
        Program crash
        
        PID:2772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        7⤵
        Program crash
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57354.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        11⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        12⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34703.exe
        13⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        14⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        15⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
        16⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 236
        16⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 236
        15⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        14⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        13⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        12⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        11⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65517.exe
        11⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53561.exe
        12⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 224
        13⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        12⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        11⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        9⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        11⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57645.exe
        12⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        13⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
        14⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        15⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 236
        15⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        13⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        12⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
        11⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        10⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        9⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3960.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47178.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
        11⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        12⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 224
        13⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        12⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        11⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        10⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22731.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5922.exe
        11⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22953.exe
        12⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38146.exe
        13⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38177.exe
        14⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62716.exe
        15⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10896 -s 236
        15⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        14⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        13⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        9⤵
        Program crash
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        8⤵
        Program crash
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
        11⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 224
        12⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        11⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13306.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        12⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33765.exe
        13⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14021.exe
        14⤵
        
        PID:960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        14⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 236
        13⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        11⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        12⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 220
        13⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        11⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        9⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
        8⤵
        Program crash
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        7⤵
        Program crash
        
        PID:2884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        6⤵
        Program crash
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        6⤵
        Program crash
        
        PID:2496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 244
        6⤵
        Program crash
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        8⤵
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 244
        9⤵
        Program crash
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        8⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 224
        9⤵
        Program crash
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 220
        8⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59170.exe
        7⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        8⤵
        Program crash
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        7⤵
        Program crash
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51324.exe
        7⤵
        Executes dropped EXE
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59814.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-276.exe
        11⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62663.exe
        12⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        13⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        14⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11516 -s 224
        15⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
        14⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        13⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
        12⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10862.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        11⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
        12⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        13⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
        14⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
        14⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 236
        13⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 236
        12⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        11⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
        10⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        9⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        8⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        10⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        11⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50040.exe
        12⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 224
        13⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        12⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 236
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        7⤵
        Program crash
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        6⤵
        Program crash
        
        PID:276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        5⤵
        Program crash
        
        PID:2096
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 220
        6⤵
        Program crash
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 220
        7⤵
        Program crash
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43156.exe
        7⤵
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13602.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        11⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        12⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
        13⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 236
        13⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 216
        12⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        11⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        9⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        8⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        6⤵
        Program crash
        
        PID:2276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        5⤵
        Program crash
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29835.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        11⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        12⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63828.exe
        13⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
        14⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        15⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
        15⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
        14⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
        13⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        12⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        11⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51319.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55315.exe
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        12⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        13⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        14⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 236
        13⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 236
        12⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63254.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12144.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52541.exe
        11⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
        12⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        13⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11465.exe
        14⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 236
        13⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        12⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        11⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        9⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
        8⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        Program crash
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39072.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52990.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        10⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54942.exe
        12⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63414.exe
        13⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 244
        14⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 220
        12⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        10⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        11⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        12⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60345.exe
        13⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        13⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        12⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 220
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 236
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62912.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        10⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54931.exe
        11⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        12⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50429.exe
        13⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
        13⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        11⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 236
        10⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        7⤵
        Program crash
        
        PID:3140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        6⤵
        Program crash
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36161.exe
        9⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34319.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
        11⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        12⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        13⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
        14⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
        14⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
        13⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        12⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 236
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 216
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        11⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        12⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        13⤵
        
        PID:7332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
        13⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 236
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 236
        11⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        10⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
        9⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
        7⤵
        Program crash
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23290.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48470.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
        10⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        11⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        8⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        9⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        10⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        11⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19850.exe
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        11⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        10⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        9⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        8⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        7⤵
        
        PID:5156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        6⤵
        Program crash
        
        PID:2092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
        5⤵
        Program crash
        
        PID:2252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1292
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 188
        9⤵
        Program crash
        
        PID:684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        8⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        11⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
        12⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        13⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        14⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        15⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 236
        14⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        13⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        12⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        10⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        11⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        12⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        13⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        14⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 216
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        12⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 236
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        10⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        7⤵
        Program crash
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19062.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        9⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
        11⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        13⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        14⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        15⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        16⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        15⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        14⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        13⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        12⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        11⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        11⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
        12⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
        13⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6000.exe
        14⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37029.exe
        15⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
        14⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        13⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        12⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27526.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        10⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 244
        11⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        9⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        8⤵
        Program crash
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54121.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65320.exe
        11⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 220
        12⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25942.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        11⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        12⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        13⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30581.exe
        14⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        13⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 236
        12⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        9⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
        8⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        7⤵
        Program crash
        
        PID:2636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 220
        6⤵
        Program crash
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        7⤵
        Program crash
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6207.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31449.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 212
        12⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 236
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64469.exe
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        10⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        11⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
        12⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6787.exe
        13⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        12⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
        11⤵
        
        PID:10560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        10⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        10⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
        11⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11557.exe
        12⤵
        
        PID:11228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7276.exe
        13⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
        13⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
        12⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        8⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
        7⤵
        Program crash
        
        PID:3288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        6⤵
        Program crash
        
        PID:1952
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        5⤵
        Program crash
        
        PID:380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
        11⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        12⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63514.exe
        13⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2000.exe
        14⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11624 -s 224
        15⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
        14⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        8⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 240
        9⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 224
        12⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 236
        11⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36026.exe
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 224
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 220
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        7⤵
        Program crash
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 244
        7⤵
        Program crash
        
        PID:1752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 244
        7⤵
        Program crash
        
        PID:2656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 248
        6⤵
        Program crash
        
        PID:2916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
        5⤵
        Program crash
        
        PID:2016
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
        5⤵
        Program crash
        
        PID:236
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 248
      4⤵
      Program crash
      PID:2072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2776
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe

Filesize
184KB

MD5
272f0f15b4c6401897ce5d07706aa3c9

SHA1
17186359dea19066d82f2f1412924a144407d2a9

SHA256
6ca6b1a5c1fb5952e56372109be100a9a722f9990b267a026775d58ddcb40fbd

SHA512
ab22938c5c053cb3d718a0a8211c5bffe99fb1d4b568315dc9d06a4833a5bad2c611ce12a05a241fd64c09e98fbd02847f71adecb6bc33c97b59350eece8c1dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37256.exe

Filesize
184KB

MD5
e5b0ee64390050d9fc3026232ff1519e

SHA1
e8b6599d3d52b5b6e3edde4c9d82671de2191898

SHA256
91d6f2f8da90b6d47def537a9abddf97790934a733216b6ce70de1fcd2681fe6

SHA512
b3183c1435f9b4581dad0fa0449c189445653263aa85e852f60a331442c7e2753e36ec29ba2267a583445cd0d980700afe028342a2cb19fc812b6c6cce52a688

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe

Filesize
184KB

MD5
51818eb5376cd7f478618850ff1f20d8

SHA1
c1fa96fc88499d30f82ce36d08ff93030835b78b

SHA256
0e8b43b81a1d111b2e52f439c6a78f29a059e4b820414d5a3de175fd28ae7af6

SHA512
cb50dd68262235faa707450a2a6ea4a1906d8483f46c61239bdd3b2a168ae03c76b7f0ba1ec21dffe21fae07754092b8e503c32a8402af41ce439082e87d85e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe

Filesize
184KB

MD5
547fd369c2bfcb6756e73c090b4c2e3d

SHA1
42fa850e910ac04426b443cde2b0b4a41f39ac51

SHA256
800fb1a6ad18e8b44ee0b0aef1d774bff64651a8eb826538f3365f672d6d3687

SHA512
7833d3f535be676eaf8f380b21233147387b608856b7c577f104f721fc6c1303d527f035e73cfb418ab5b11a24f716fd3da568ded422c37496f52533ccc3a776

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe

Filesize
184KB

MD5
796f474acfd06f822909f87a689d2205

SHA1
f9701fada4b65eea9c1fd0c19fdf0ba8bc6c3a22

SHA256
84b2f8f9fd7a050709ccbeb2599547c3d3563f5394494bda31ff31e9f627e37d

SHA512
92873b6f5b46a778130cacd35c9c881ac4cf83e224186eefef0073684373d5b895f5ba8ab58f6b0c6c407f2e3351350e532d748aada5ce804dc31c0a4958750d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe

Filesize
184KB

MD5
4e7ce2ec79af3568a987ddbc3ee832f0

SHA1
a463d92134b028d910ef4a3c284fb1308327987f

SHA256
a2cf601a244eb95afeecae32003bb6c3bb11c08f8384dc7715d468da8505d8d9

SHA512
c2ca397f5d185dfdddfad8ffa8f00d8510b4410bddd76d79c8d7b14c2db3b4c27a7c4ec81b8a05376a821954a4c3a121332b9bf0b62671e28a7f06902dc9c617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe

Filesize
184KB

MD5
5dd16f975c756a0730d81838500540c6

SHA1
7ac37194bdb8d6106f10b5645c589a707c807553

SHA256
ecdc13e68346b478cdc4666c8bd69c990d8346af32ab78f41b976d6fc67f2942

SHA512
bda9994426d0ec3674027feae0cf295dd382c9a2c51d6174a4cab8c395542d361f56e0539d6435f0377f32ede2d125b37440d46c3d1ec28f6e615038ed31eb20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe

Filesize
184KB

MD5
027bda46bd103e1e571ea5765b79ca83

SHA1
e496e227b90fefab77bc04ad1918b53a80710533

SHA256
15eb6c3e2ae5017c1858aae588bcaaf1c9d0313287e8f8ad7fb70052dcadaa14

SHA512
ef1daeede29cc7ccb454cf0fd73aa1da110fd2aa4e889bd5c9ce98b13542229f519bca6ef49e81540de06f71ccac8f663e0053637494299559c04897fb4d7445

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe

Filesize
184KB

MD5
bc9c1d853f6883605948a27fab70121a

SHA1
f3aea9acffbe3f94edca12db1fc21f2a44f88f7b

SHA256
d0fc281c5341518ef5df243cef4781a7356fbe33b1305da5f7aa473bd56d673a

SHA512
33c4a76b116d4ecc96828139bd2354840bae279ea99379fdba39218c5c0e5b686adbb6b46afa052c98b17f667abffbfce2f641cf73b43cbc1121fed88b021740

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe

Filesize
184KB

MD5
6348744c8fff47b444f60a575ba5f64d

SHA1
d87bb8d40ad6753b1b8c1a7108fc9061f5c36d67

SHA256
b2893afc9db3dbd10d4b9a641d4d2c1d5b1114c542569a551c9c4c82b0ff7294

SHA512
b14500e8ced3b80ad3ea299f9049fc49b89f97590c7215cffa05ac0dd0df62ffd65944aa30e5a6989e57a54efdc4c677493000aba4440c3d906de34659d28ada

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe

Filesize
184KB

MD5
990f457d33ea0b993164439a3a59fd36

SHA1
364392e7f5f89f99e5e1b1df2121294975dce77b

SHA256
fecc9d3dc4e73231ae5d6f87d70a0dc73460bec019a77bd35cf28914cb3391a3

SHA512
b18fe6b92209c350e8b38a100f5aedb445a041b07f1ab6187c150341db50738f171f0464ece5868457bab40f41b5251faaddb360728b63af30a99a50705960a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe

Filesize
184KB

MD5
bb5e926e223cccc4ddd0d4394a3edb25

SHA1
c30f2db9da37a8ec50c3deb6427eb525c993cbcd

SHA256
965831b1d0fdbc86bd3999fb5a1909468f8b2a0f8ac7630ae30e6dc2869627b7

SHA512
89f46597027abb89e97f4c2e4a6ac1b99c71d6e45d832378b4e7071b44da3855350de19c6d3f2a01170419c4e91f19dcadea7b7162e65e957e08565025599c8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe

Filesize
184KB

MD5
bf9444b322e97a589cc4ccb1f2669cf4

SHA1
c4c7ad0457e44725265ea90f11270d7de1bf0569

SHA256
6c280ed287f2ad549c556f3541e82e21f34447a48640cbbf8d65dcca9278515c

SHA512
e52650417e19c2e172b3aecdb065eca5167e877403883d5dc303bd5391e8346f522a608b341fbed5afa3b8382429df7e096185c1bc5ebfb7d237962858fa1f6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe

Filesize
184KB

MD5
2d9773ad52592791c03ac24ceb126362

SHA1
1a6d058f1f2c7b65e9379203a26665ec570f0061

SHA256
f7607c0e2ca9a526936ac7c4653edcec284e6862158b1eb72a49e935e3d3ac07

SHA512
802500a216dfe40ef2b4bd3ea306e7da9a70db214e631f952f156e34bf6dba7e02db5d64888a3585ff4412dc83b4732e34d8ce16c4125830e985fe9ad538a2cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe

Filesize
184KB

MD5
e58598918e28540e554bd6d8b1882db1

SHA1
df4054e053ce9e7781ed9d500b7336763cd8489a

SHA256
25a62102ad0ac49c13ee42a67c3dfc02d9a1fb96da2ab5e5fc01fcec63ce7f28

SHA512
b33f3b86a54df196ad79cc50972929596993798c2504d6530ad802504f6e113a4b3dfd6e4db41db579775a606054abb75967c59a90a0dc7d87f4716ee20f6d6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50068.exe

Filesize
184KB

MD5
679383fa9b98da801f110bec0780694d

SHA1
a387949af19825da7ab99dbce2f11a3f8336d710

SHA256
a1a3cf9ecfdb9c442e33e2002cba9157dc5f948ff0b117521ea1cd9a751e1436

SHA512
e97979f3a88aae08592f44321c5347b191f267611cb9d6a50c8f6d53e8487fa38b96b23d0884906752ae168f3ed9db5e0bf3c4ba41be94e3ff91440952ed41d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe

Filesize
184KB

MD5
b8cbeb7b8b75fb95d433b60149e334ac

SHA1
20e25192f96f3301f2ada623e919b1eaec38a47f

SHA256
2fe76ebfd5232bd45be33b8763dfde65bcf47dd9780dc492af3fe7a503fdb2a4

SHA512
d46ff6e7ef2b26ef908b3dcf480edac78c1f07f1db50da69780bf28681f59c64ffc9ecd644f8ea770ed0e3a6cbec0e219c78424da0c70c7b47b28904f0941060

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe

Filesize
184KB

MD5
b33ea757189acd9a869a8de95096a8c2

SHA1
439c01209b35a5f03173043a12120fe92aa3e61d

SHA256
3977e5e10af2d5f8d71f88ad0818f607f958c29ed436710e83a7bf7978b345cc

SHA512
13eb1adfd0fe85ff56d141efa36804459f383959b1e5dd5240e4b40cdc430171517f6106ce7481b5e9a674f84979380cdd5504e3f79a3abae72e01f9a553a153

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe

Filesize
184KB

MD5
4805cbbc91da6f675cdf8418647849df

SHA1
bc7a28499a2c629833c89ed950ed3124c05802aa

SHA256
985a4b6bbcd0415306c4985c44e92fb02b3b3eea9a264b98244c188db3604e74

SHA512
608112df7c5609e06529b987a7e8a84e90d424143b10c8853f50dd42ecaefdce6f60061a3f68b5849dabbefbed87825a7cab1bcb5aa8c11d3243f9639d371d6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe

Filesize
184KB

MD5
515aec7bd048d25cd4a3b4a381aba645

SHA1
be2c1396f9fa5da143486f685f09094255c7d883

SHA256
7e4417434f15f840c356021736607269ef29d2057ca93d04a739b1c2edfd94ae

SHA512
40bc2f719c412aa800c8ff384c2c07933bf8eee1b4099553b68f20bbce573e65bd3b979e8d8eb02a583539b6c2980b13553090a858a2dba0dfc39c3bd7a9ad9c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads