20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
Size

184KB
MD5

8bd9c58901a492f2d83692a23f37112c
SHA1

7abdd47b1663e6046296f8968a13537000935149
SHA256

20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a
SHA512

0f6c9ae546d6ac45a41d62cf094c66e81976e3baa51b2d169dfaa31e62fd60bc997faf3047ec8bf876b4fa23954afa26421ea39e5651cec41b6339c134b12623
SSDEEP

3072:6ga3d8ofeRhsdBa71kwL/3sNhlnDiFFn3:6gzomYBaHLvsNhlnDiFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2968	Unicorn-2740.exe
2240	Unicorn-3856.exe
2664	Unicorn-53612.exe
2876	Unicorn-22968.exe
2828	Unicorn-8023.exe
2516	Unicorn-42834.exe
1748	Unicorn-61391.exe
2880	Unicorn-10799.exe
2556	Unicorn-25211.exe
1272	Unicorn-58630.exe
1520	Unicorn-25211.exe
316	Unicorn-34531.exe
1296	Unicorn-46783.exe
2008	Unicorn-61728.exe
2228	Unicorn-50867.exe
1688	Unicorn-20695.exe
2088	Unicorn-9834.exe
2696	Unicorn-37546.exe
692	Unicorn-24779.exe
448	Unicorn-34614.exe
1348	Unicorn-49559.exe
1640	Unicorn-61811.exe
1548	Unicorn-16140.exe
2900	Unicorn-26254.exe
1828	Unicorn-30338.exe
2340	Unicorn-22724.exe
2060	Unicorn-57535.exe
1808	Unicorn-11863.exe
1920	Unicorn-65148.exe
884	Unicorn-49367.exe
2124	Unicorn-38506.exe
1588	Unicorn-24116.exe
2792	Unicorn-30577.exe
2672	Unicorn-45522.exe
2708	Unicorn-53135.exe
2536	Unicorn-50997.exe
796	Unicorn-18879.exe
2688	Unicorn-38745.exe
2620	Unicorn-24355.exe
2976	Unicorn-39299.exe
2996	Unicorn-14048.exe
2316	Unicorn-28993.exe
2720	Unicorn-61111.exe
1676	Unicorn-39321.exe
2504	Unicorn-43405.exe
1680	Unicorn-43960.exe
1388	Unicorn-2372.exe
1428	Unicorn-981.exe
2924	Unicorn-5065.exe
1220	Unicorn-55657.exe
532	Unicorn-39875.exe
2092	Unicorn-59741.exe
332	Unicorn-59741.exe
1564	Unicorn-5086.exe
2268	Unicorn-44536.exe
572	Unicorn-25507.exe
376	Unicorn-37759.exe
1052	Unicorn-62263.exe
3052	Unicorn-3503.exe
2288	Unicorn-38313.exe
2540	Unicorn-17915.exe
2528	Unicorn-64977.exe
2304	Unicorn-2133.exe
1868	Unicorn-26083.exe

Loads dropped DLL 64 IoCs

pid	Process
2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
2968	Unicorn-2740.exe
2968	Unicorn-2740.exe
2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
2240	Unicorn-3856.exe
2968	Unicorn-2740.exe
2968	Unicorn-2740.exe
2240	Unicorn-3856.exe
2664	Unicorn-53612.exe
2664	Unicorn-53612.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2828	Unicorn-8023.exe
2828	Unicorn-8023.exe
2240	Unicorn-3856.exe
2240	Unicorn-3856.exe
2876	Unicorn-22968.exe
2516	Unicorn-42834.exe
2876	Unicorn-22968.exe
2516	Unicorn-42834.exe
2664	Unicorn-53612.exe
2664	Unicorn-53612.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
2320	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
2320	WerFault.exe
1668	WerFault.exe
2880	Unicorn-10799.exe
2880	Unicorn-10799.exe
1748	Unicorn-61391.exe
1748	Unicorn-61391.exe
2828	Unicorn-8023.exe
2828	Unicorn-8023.exe
1272	Unicorn-58630.exe
1272	Unicorn-58630.exe
2516	Unicorn-42834.exe
1520	Unicorn-25211.exe
2516	Unicorn-42834.exe
1520	Unicorn-25211.exe
2556	Unicorn-25211.exe
2556	Unicorn-25211.exe
2876	Unicorn-22968.exe
2876	Unicorn-22968.exe
1852	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1856	WerFault.exe
1856	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2668	2188	WerFault.exe	27
2564	2968	WerFault.exe	28
2320	2240	WerFault.exe	29
1668	2664	WerFault.exe	30
1852	2828	WerFault.exe	32
1620	2876	WerFault.exe	33
1856	2516	WerFault.exe	34
2444	2880	WerFault.exe	37
1932	1748	WerFault.exe	36
1904	1272	WerFault.exe	40
2628	1520	WerFault.exe	39
2768	2556	WerFault.exe	38
1076	316	WerFault.exe	43
2360	1296	WerFault.exe	44
684	2696	WerFault.exe	48
1048	2228	WerFault.exe	46
2212	2008	WerFault.exe	45
1704	2088	WerFault.exe	49
888	692	WerFault.exe	50
1792	1688	WerFault.exe	47
3028	448	WerFault.exe	54
1752	1348	WerFault.exe	55
1612	1640	WerFault.exe	56
2840	1548	WerFault.exe	57
1260	2900	WerFault.exe	58
476	1828	WerFault.exe	59
1532	2340	WerFault.exe	60
1596	2060	WerFault.exe	61
3064	1808	WerFault.exe	62
2752	1920	WerFault.exe	63
2632	1588	WerFault.exe	66
2276	2124	WerFault.exe	65
3040	884	WerFault.exe	64
3440	2792	WerFault.exe	72
3520	2672	WerFault.exe	73
3560	2708	WerFault.exe	74
3624	2536	WerFault.exe	75
3960	2620	WerFault.exe	78
3676	1388	WerFault.exe	86
3708	1220	WerFault.exe	89
3732	1428	WerFault.exe	87
3760	1676	WerFault.exe	83
3860	2268	WerFault.exe	97
3896	1680	WerFault.exe	85
3920	532	WerFault.exe	90
3928	2764	WerFault.exe	131
3948	2504	WerFault.exe	84
4000	1564	WerFault.exe	95
4060	2528	WerFault.exe	109
3076	796	WerFault.exe	76
3104	1820	WerFault.exe	126
3184	2084	WerFault.exe	120
3204	2012	WerFault.exe	129
3252	2712	WerFault.exe	113
3260	1252	WerFault.exe	115
3408	2836	WerFault.exe	116
3452	2844	WerFault.exe	123
3468	1992	WerFault.exe	128
3492	1972	WerFault.exe	125
3512	2932	WerFault.exe	119
3540	1592	WerFault.exe	130
3828	572	WerFault.exe	99
3644	1436	WerFault.exe	138
4120	1372	WerFault.exe	142

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
2968	Unicorn-2740.exe
2240	Unicorn-3856.exe
2664	Unicorn-53612.exe
2828	Unicorn-8023.exe
2876	Unicorn-22968.exe
2516	Unicorn-42834.exe
1748	Unicorn-61391.exe
2880	Unicorn-10799.exe
2556	Unicorn-25211.exe
1272	Unicorn-58630.exe
1520	Unicorn-25211.exe
316	Unicorn-34531.exe
1296	Unicorn-46783.exe
2008	Unicorn-61728.exe
2088	Unicorn-9834.exe
2696	Unicorn-37546.exe
2228	Unicorn-50867.exe
1688	Unicorn-20695.exe
692	Unicorn-24779.exe
448	Unicorn-34614.exe
1348	Unicorn-49559.exe
1640	Unicorn-61811.exe
1548	Unicorn-16140.exe
2900	Unicorn-26254.exe
1828	Unicorn-30338.exe
2340	Unicorn-22724.exe
2060	Unicorn-57535.exe
1808	Unicorn-11863.exe
1920	Unicorn-65148.exe
884	Unicorn-49367.exe
2124	Unicorn-38506.exe
1588	Unicorn-24116.exe
2792	Unicorn-30577.exe
2672	Unicorn-45522.exe
2708	Unicorn-53135.exe
2536	Unicorn-50997.exe
796	Unicorn-18879.exe
2688	Unicorn-38745.exe
2620	Unicorn-24355.exe
2316	Unicorn-28993.exe
2976	Unicorn-39299.exe
2996	Unicorn-14048.exe
2720	Unicorn-61111.exe
1676	Unicorn-39321.exe
2504	Unicorn-43405.exe
1680	Unicorn-43960.exe
1388	Unicorn-2372.exe
1428	Unicorn-981.exe
2924	Unicorn-5065.exe
1220	Unicorn-55657.exe
532	Unicorn-39875.exe
2092	Unicorn-59741.exe
332	Unicorn-59741.exe
1564	Unicorn-5086.exe
2268	Unicorn-44536.exe
572	Unicorn-25507.exe
376	Unicorn-37759.exe
1052	Unicorn-62263.exe
3052	Unicorn-3503.exe
2288	Unicorn-38313.exe
2540	Unicorn-17915.exe
2528	Unicorn-64977.exe
2304	Unicorn-2133.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2968	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	28
PID 2188 wrote to memory of 2968	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	28
PID 2188 wrote to memory of 2968	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	28
PID 2188 wrote to memory of 2968	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	28
PID 2968 wrote to memory of 2240	2968	Unicorn-2740.exe	29
PID 2968 wrote to memory of 2240	2968	Unicorn-2740.exe	29
PID 2968 wrote to memory of 2240	2968	Unicorn-2740.exe	29
PID 2968 wrote to memory of 2240	2968	Unicorn-2740.exe	29
PID 2188 wrote to memory of 2664	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	30
PID 2188 wrote to memory of 2664	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	30
PID 2188 wrote to memory of 2664	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	30
PID 2188 wrote to memory of 2664	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	30
PID 2188 wrote to memory of 2668	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	31
PID 2188 wrote to memory of 2668	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	31
PID 2188 wrote to memory of 2668	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	31
PID 2188 wrote to memory of 2668	2188	20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe	31
PID 2968 wrote to memory of 2876	2968	Unicorn-2740.exe	33
PID 2968 wrote to memory of 2876	2968	Unicorn-2740.exe	33
PID 2968 wrote to memory of 2876	2968	Unicorn-2740.exe	33
PID 2968 wrote to memory of 2876	2968	Unicorn-2740.exe	33
PID 2240 wrote to memory of 2828	2240	Unicorn-3856.exe	32
PID 2240 wrote to memory of 2828	2240	Unicorn-3856.exe	32
PID 2240 wrote to memory of 2828	2240	Unicorn-3856.exe	32
PID 2240 wrote to memory of 2828	2240	Unicorn-3856.exe	32
PID 2664 wrote to memory of 2516	2664	Unicorn-53612.exe	34
PID 2664 wrote to memory of 2516	2664	Unicorn-53612.exe	34
PID 2664 wrote to memory of 2516	2664	Unicorn-53612.exe	34
PID 2664 wrote to memory of 2516	2664	Unicorn-53612.exe	34
PID 2968 wrote to memory of 2564	2968	Unicorn-2740.exe	35
PID 2968 wrote to memory of 2564	2968	Unicorn-2740.exe	35
PID 2968 wrote to memory of 2564	2968	Unicorn-2740.exe	35
PID 2968 wrote to memory of 2564	2968	Unicorn-2740.exe	35
PID 2828 wrote to memory of 1748	2828	Unicorn-8023.exe	36
PID 2828 wrote to memory of 1748	2828	Unicorn-8023.exe	36
PID 2828 wrote to memory of 1748	2828	Unicorn-8023.exe	36
PID 2828 wrote to memory of 1748	2828	Unicorn-8023.exe	36
PID 2240 wrote to memory of 2880	2240	Unicorn-3856.exe	37
PID 2240 wrote to memory of 2880	2240	Unicorn-3856.exe	37
PID 2240 wrote to memory of 2880	2240	Unicorn-3856.exe	37
PID 2240 wrote to memory of 2880	2240	Unicorn-3856.exe	37
PID 2876 wrote to memory of 2556	2876	Unicorn-22968.exe	38
PID 2876 wrote to memory of 2556	2876	Unicorn-22968.exe	38
PID 2876 wrote to memory of 2556	2876	Unicorn-22968.exe	38
PID 2876 wrote to memory of 2556	2876	Unicorn-22968.exe	38
PID 2516 wrote to memory of 1520	2516	Unicorn-42834.exe	39
PID 2516 wrote to memory of 1520	2516	Unicorn-42834.exe	39
PID 2516 wrote to memory of 1520	2516	Unicorn-42834.exe	39
PID 2516 wrote to memory of 1520	2516	Unicorn-42834.exe	39
PID 2664 wrote to memory of 1272	2664	Unicorn-53612.exe	40
PID 2664 wrote to memory of 1272	2664	Unicorn-53612.exe	40
PID 2664 wrote to memory of 1272	2664	Unicorn-53612.exe	40
PID 2664 wrote to memory of 1272	2664	Unicorn-53612.exe	40
PID 2240 wrote to memory of 2320	2240	Unicorn-3856.exe	41
PID 2240 wrote to memory of 2320	2240	Unicorn-3856.exe	41
PID 2240 wrote to memory of 2320	2240	Unicorn-3856.exe	41
PID 2240 wrote to memory of 2320	2240	Unicorn-3856.exe	41
PID 2664 wrote to memory of 1668	2664	Unicorn-53612.exe	42
PID 2664 wrote to memory of 1668	2664	Unicorn-53612.exe	42
PID 2664 wrote to memory of 1668	2664	Unicorn-53612.exe	42
PID 2664 wrote to memory of 1668	2664	Unicorn-53612.exe	42
PID 2880 wrote to memory of 316	2880	Unicorn-10799.exe	43
PID 2880 wrote to memory of 316	2880	Unicorn-10799.exe	43
PID 2880 wrote to memory of 316	2880	Unicorn-10799.exe	43
PID 2880 wrote to memory of 316	2880	Unicorn-10799.exe	43

C:\Users\Admin\AppData\Local\Temp\20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe
"C:\Users\Admin\AppData\Local\Temp\20d81adac1b588269fb8a90c367b5a64e6fc02eac305b6574d5ea7f95b11249a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        11⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        12⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        13⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34514.exe
        14⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
        14⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        11⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        10⤵
        Program crash
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
        10⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        11⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16102.exe
        12⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        13⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        12⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        11⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27763.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
        11⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54280.exe
        12⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 236
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        9⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        Program crash
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18879.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-478.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
        11⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64996.exe
        12⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        11⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2408.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40084.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
        11⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 220
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 220
        11⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
        8⤵
        Program crash
        
        PID:3076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        7⤵
        Program crash
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24604.exe
        9⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        11⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
        12⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        13⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        14⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 236
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        12⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        11⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
        12⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        13⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
        13⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        12⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
        11⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        8⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        10⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        11⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41841.exe
        12⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
        12⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 236
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        Program crash
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34225.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59819.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        11⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5870.exe
        12⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30347.exe
        13⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 216
        13⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 220
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        10⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        10⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        11⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 220
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        11⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        8⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        7⤵
        Program crash
        
        PID:1612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        6⤵
        Program crash
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        8⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65252.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22461.exe
        10⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        11⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16289.exe
        12⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        12⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
        10⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 236
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49471.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51563.exe
        11⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
        12⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 204
        12⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 220
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 236
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        Program crash
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        11⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        10⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        7⤵
        Program crash
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37074.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        11⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
        12⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
        12⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        11⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        10⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        8⤵
        Program crash
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
        9⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 200
        11⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        10⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
        9⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
        8⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        7⤵
        Program crash
        
        PID:3896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:2212
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30577.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21506.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        11⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe
        12⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23359.exe
        13⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40373.exe
        14⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
        14⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 220
        13⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        12⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        11⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
        10⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        10⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12860.exe
        12⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33658.exe
        13⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 236
        13⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        12⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        11⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        10⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        9⤵
        Program crash
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        9⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        10⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        11⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        12⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        13⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        13⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        12⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52123.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        11⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
        12⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 220
        11⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        9⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
        12⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        13⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        13⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
        12⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        11⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        10⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        9⤵
        Program crash
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        9⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        10⤵
        
        PID:7092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24729.exe
        11⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5650.exe
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
        12⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
        11⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        10⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        8⤵
        Program crash
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        7⤵
        Program crash
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        11⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        12⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10445.exe
        13⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 220
        13⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        12⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        11⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        10⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12811.exe
        11⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
        12⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 236
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        11⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        8⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
        10⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50144.exe
        11⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26725.exe
        12⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        11⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        10⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        6⤵
        Program crash
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37759.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9720.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        10⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21662.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27962.exe
        12⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        13⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        13⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59476.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        10⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        11⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        12⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
        12⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        11⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
        10⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        9⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        11⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        12⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
        12⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        7⤵
        Program crash
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65439.exe
        8⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
        9⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64809.exe
        10⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        11⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        9⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        8⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        7⤵
        
        PID:4460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        6⤵
        Program crash
        
        PID:1752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        5⤵
        Program crash
        
        PID:2444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        11⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27604.exe
        12⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        13⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
        13⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
        12⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        11⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        9⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41584.exe
        11⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        9⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
        8⤵
        Program crash
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16052.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44910.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
        10⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53320.exe
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 216
        9⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
        8⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        7⤵
        Program crash
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52507.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
        10⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56851.exe
        11⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        12⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        11⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        8⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        10⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        11⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
        11⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        10⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
        10⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        10⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        8⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2969.exe
        9⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        10⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        10⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        9⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        8⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        7⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        6⤵
        Program crash
        
        PID:3040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Program crash
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16234.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        11⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20700.exe
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        11⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        8⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        9⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
        10⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        10⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        9⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        8⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 220
        7⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6451.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
        10⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        11⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        10⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        8⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        7⤵
        Program crash
        
        PID:3492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
        8⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        9⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        10⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        10⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 236
        9⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        8⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        7⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        6⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58480.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
        9⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 200
        10⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        9⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        8⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        7⤵
        
        PID:6032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 220
        6⤵
        Program crash
        
        PID:3920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        5⤵
        Program crash
        
        PID:888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36171.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        11⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        12⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe
        13⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
        13⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 220
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        10⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 216
        9⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
        8⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
        8⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 220
        9⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        7⤵
        Program crash
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52533.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53000.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21553.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        11⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
        11⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        10⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        9⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        10⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
        10⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        8⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        7⤵
        
        PID:4676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        6⤵
        Program crash
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26083.exe
        7⤵
        Executes dropped EXE
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        9⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58968.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4887.exe
        11⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        11⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        10⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
        9⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22513.exe
        9⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        10⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 236
        10⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        9⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        8⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        7⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        6⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58729.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        9⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        10⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        11⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 204
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        10⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        9⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        7⤵
        Program crash
        
        PID:3252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        6⤵
        Program crash
        
        PID:1532
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        5⤵
        Program crash
        
        PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62450.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        10⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        12⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        10⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        8⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        9⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        10⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        8⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        8⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
        9⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        10⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        10⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        9⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
        8⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        7⤵
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        6⤵
        Program crash
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        10⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        11⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
        11⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        10⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        9⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        8⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Program crash
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        6⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        8⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        9⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        10⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
        10⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        9⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        8⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        7⤵
        
        PID:5452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        6⤵
        
        PID:4188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        5⤵
        Program crash
        
        PID:1792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63306.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28875.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63161.exe
        10⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        11⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        10⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63861.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
        10⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        11⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        10⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        9⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
        8⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        7⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33156.exe
        7⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
        8⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9544.exe
        9⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37417.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
        11⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 236
        10⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        9⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 216
        8⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        7⤵
        
        PID:4720
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        6⤵
        Program crash
        
        PID:476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28993.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24988.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        9⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
        10⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
        11⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
        11⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        10⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        9⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        8⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        7⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38465.exe
        8⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        9⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        9⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        8⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        7⤵
        
        PID:6304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        6⤵
        
        PID:4436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
        5⤵
        Program crash
        
        PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24822.exe
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        9⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15133.exe
        10⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        11⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        9⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        8⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        7⤵
        Program crash
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
        6⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50712.exe
        9⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        10⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        9⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        8⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        7⤵
        
        PID:5728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        6⤵
        Program crash
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29460.exe
        5⤵
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20328.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42969.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58200.exe
        9⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        10⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        10⤵
        
        PID:10380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 236
        9⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        8⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        7⤵
        
        PID:4764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33217.exe
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        7⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        8⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 220
        9⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        8⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        7⤵
        
        PID:7144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        6⤵
        
        PID:5080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        5⤵
        Program crash
        
        PID:1596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
      4⤵
      Program crash
      PID:1904
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1668
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
  2⤵
  - Program crash
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe

Filesize
184KB

MD5
5318ad0fc906db812c6c047b71ecb4dd

SHA1
497f4a7154ed9bd964c72debff544f0d98e8f263

SHA256
dcd56ef415e578459c9adb733b323d789fc3372835dfd53908fa56a646c829ee

SHA512
642b105378dcb1c0a0039f4c0e026d89c30e57f9d19b588ba24b450d1de39535178ae5d17ef325ab524910e0de5fe271982d91686241fc82c137712d39bce209

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2227.exe

Filesize
184KB

MD5
b54df558add3a0ab804a961e98719391

SHA1
bfcb45cd9b4866d1c5f3561bcdd993c4f73a5f90

SHA256
756277dd7c4e25a9dd1b058606ee239cb4df369a992f2aca560d603958fc1019

SHA512
0c5b07fade66fca4ad3ff54ab551e771d032b3de5b16f77beade1c0d100aa52739cf25264640170aed7f9372d2c2a2e542e2ce75dbd4cdad38460c28792c09ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe

Filesize
184KB

MD5
43eeffbe58ba785d0bca3ff5fcc0116d

SHA1
fd0ac2c67380361276594095f3180ff2a856b3bf

SHA256
498fec16474f1022cf801bd196cc914493e586d5429dce1ff3ee20d47788e0fe

SHA512
ab4c83ba1ea96d894568fb9fc687178f0087f6cb67d3377f5662ef7b626de91ba61454c80d8f7019124f9ece6af6e1fe9aa00499032a0f437e0d32d74e61e236

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe

Filesize
184KB

MD5
ec32656d04133682fd38214b8bb87360

SHA1
ccb2ac2a87011eefe105851fa331373f9c0d3ffb

SHA256
01259c921411b5301b7497cfb5090cd1e233fcb839547e8fa5dd5378b6267fba

SHA512
56b8449df02ce9838fc8ef52b13f4a6eecb7e6b275ddc039703c49683e4e544558a0401ec88e5f7f49a93efd84a45134bc590987e01a0fcd80100f732bfba28c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe

Filesize
184KB

MD5
a5b32b96721032b0d8761e8bb0e54b0b

SHA1
5705644cc8c125d5c4720bc6b8056bc81636a670

SHA256
efa7f7d732d0e696ff013e4fd2e5b7a95e8a7a8989160a72bf240d40e6f80fcd

SHA512
74755c2e103d38eb7cf24de70619e4ae495117a8d248e359a271f9fca55513b0f8435a18147a7f177faf77c0ac5fe8b842ee8d8daee3e4d2099981b5129133c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe

Filesize
184KB

MD5
906840f4faf7520df76479849091407e

SHA1
19f47358f5599c22c9109bcff135f148a4ec5a41

SHA256
2865f174ddcbd0e21f7ce478dabc0a511afa7aecafb89350cabd62536e9531ea

SHA512
f3144ccdefb8ed9dd1363996eb0f7741fcc97c2a14cf9301c781b57ff054a4f68fc601810786ac47332abb20e80dba7c10becaa66706befc0a8e32836be6f404

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe

Filesize
184KB

MD5
8dde6b0734604f6edb9a9d5b8bb0f206

SHA1
f279c3cc70092ed4a21fb2bfded5881af8300d39

SHA256
1c7b2016fb9cb6e7847c21dcdddc9a0a77a41a6a4b190f5e8e12f23cb680fdc1

SHA512
f86c60fc301a84b0a2d10d663bf23b39f09c610aac9d4aaf0192a63a5ffa4358bf2994e1a9a28dc2697b648451b6ba16eab2e1941dc8b6bb9f5a37e6a17a0ab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe

Filesize
184KB

MD5
57a711c4b319226cfd0d0ad5c8b71ae7

SHA1
e5c1f0711135d7d004627f6292ded686d5bffbdb

SHA256
ea9bec2b8d64e38d958a959a549290b24f49fa607f3fd4a38791291a6f9f1f1b

SHA512
fd3bf20ac774451ed97bc2423dcd52f7999f9e6f5fc2e2558c8cacfa037f8d92f9e5f993a4f719ef0cb8f061de904686fc610f8b197ac39b9175192b3659063a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe

Filesize
184KB

MD5
ddd1f65337c8145882938d9d753f5006

SHA1
20c01cd7d24bc4c0e4c4882178cdf89f5ce3202e

SHA256
95229397daa22570b883961354c92a235607fd011318de7276e0c80175b7453c

SHA512
78b37b7b1c3be5b4e6dd1aa219e6f39ff16b7bc24879b88af46a5d85d774fb61e3707b825375a7d953cc2bce554884ce2e23cded7a86e6a70638114e4e633f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe

Filesize
184KB

MD5
0ea634fd52b66575af24994475931826

SHA1
0d8cbf76c60dcc1edc6ea5fcae233a9002edcdf5

SHA256
015ee60293903ab9779ec37cea23b495e988cf84be3e7ce4bb08ed96260e3084

SHA512
d4ce8fa54948d2270a38870372ad557705dea6e31d0276c11898806c6e7d6139e6c720b14eccba175c4ed406a212109f44782c6d0e7b0e327f83520ef4dadbd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe

Filesize
184KB

MD5
f07d0f4f36aea9fd6fda8598ddf33e44

SHA1
0521c3a5b58f3b83571a86cb3611af37536cfa87

SHA256
079a39aa7a77d5f46521b4f86835d6ae3194b28af4e4aa36d630f65cd6964884

SHA512
2521a1a5b27a4f2dc044a8f7581618058e92eb7442292de49b81aa63f10b03505d36b69da354eb105007d6162c5da7c6df36b35a611c53211d45467a1da30df3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe

Filesize
184KB

MD5
1472ee740bbf3426fe1512de90e68f61

SHA1
b6e2dcafbf28e2f79eef82dd82716e23e64ac95c

SHA256
a3f72ec56d6c08e489a1239a974dae35c343109d48f28ccc55729ab63c1c06a6

SHA512
c32e18939773bdcc96604456ec55d71bcb919ef453cc9e0b2d6a8254029389a29f25ef619e8d5309db91d5ec88ac54b0e15901031f9d7259f761a72a8262e4b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25211.exe

Filesize
184KB

MD5
6bab179b903675cc86434bb727ac9cc5

SHA1
9d632e1ca217bad2a1a34aac2aa1fa729ad1a1ae

SHA256
2037e0374ab9b745a640e865ff8ba7b2f61845907ce3facffc793d41045043ab

SHA512
c84257fbcc4a6da5100f1e572586578381139eca73229182eb6eda665f1cc734b4d9596daf54f12be7623da5a6502ea7641894fb5b83fda3a0facaf4b74e146a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe

Filesize
184KB

MD5
a783b4058f6efeb7ec07710b8417b6dd

SHA1
f186e52eeafdbc9d70d1e0bafaa98486fec3a5f1

SHA256
556735f2241d794d4fe930edf14478d6b364cfff14ed75f5caf57f3d74de6958

SHA512
2fa8ecd9212d9ec841f9e3b5d6426b616d78df744dce94edf524ea9a9493acddb80bc31937c51be3f66ab5107497616f18de7793ae42b6ed7b98f6d5f4dbf64b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe

Filesize
184KB

MD5
d44e660f692ba4ab714975e821def109

SHA1
eac3e2fd8104fffcb7e12fac2478f7e153880c4e

SHA256
cc5547759366a8c26f923c25fc918b6561416d03c54333c387334d55347ca72f

SHA512
65777f83ac44c814f36986bd82efd04d962eec35e1a19ffb3baa415b932f634604d2802272d78472c8e5e45d4a3cd27a3d25391b8b40f5b3591edf3c6ad1ac02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe

Filesize
184KB

MD5
b2eb18eee7c35f13266a745317efe331

SHA1
fa13d201a8731a88af2bfbb0b10998ea9b759195

SHA256
d3dac2e3a6b8bbbd522aa2c987e103ad7b774b20fbaa08e2da23caab85968f98

SHA512
44901fab35d2fc7e528c451c2ae05b3711551627c29e3966a877ef34fe5eae527d198ed875f25a3ebc547832e33467f3bba3e409b8962ac053710f4c2074cc32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe

Filesize
184KB

MD5
d6fca9397a79229960798c6f41004f94

SHA1
9f099082aa93da8eeafc2dc600eef179683f17d6

SHA256
030b4d196560e2b023688388ea9cf70db22f9c3ac61583649b815529e42be4de

SHA512
5eb3e5971e247dd12e61668239533a26a1326da20e1414f6ec819296f98caa0bd45d3934d1b020938fb1912f6008f5f2d7f5aba7b79f2d7ca7533b7d336ec081

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58630.exe

Filesize
184KB

MD5
9476b0ab0e367f12a19c67fae591d174

SHA1
cbca241ecab72925f8d677128ee769fef3bf728d

SHA256
55347ac4bc30cc3918827fba7cfa9cabd5fbdc4869ea884a517a4c7bb5b20efb

SHA512
c602a35479f06a3d4c92c5499d912f2950777397cf111396237a8c82415e204363623c80ec44ff60a3d532735c5f7e0403d185acfa55c5293eb6cae9e583733e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe

Filesize
184KB

MD5
7fff5185340340bd31203bb1721dbe0d

SHA1
901f7e5b1e99fe196c555ed075871a6e598cf2c5

SHA256
72642588508bae0f1063472e3aebe328b9e6bf5ea88f267272c8b2696c150a73

SHA512
51f3d8a9709cabbf51cdf134581480e06aac5cea3cff91392332729f683177b4ccf4cf662584dad94390acfdaa971d48b247c35983aaa149ed97f86aaf21ca4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61728.exe

Filesize
184KB

MD5
51d596cfc744d56aee20647d8a7ba014

SHA1
c3ce57780008d00c29abea88e8b3fbccbb3919af

SHA256
de1e611c08df19fb968c50ea833abc7ff4d49dd251d0f4e631682f7be770e07c

SHA512
f4da291f03841edb7e5560d05c4869a35e0fb3498ecfe0c3f0aadff1db834324dc57c763e6b855b45c21b6de1606d6bd0e58bb9e7cb5ab6696d45230e0fc7a49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe

Filesize
184KB

MD5
30d5a05509b299344f438c01ec95c2cd

SHA1
1463147c970aea0f1dd50b6881e03a797d5b766d

SHA256
430d620db25f710f6e2edf4f229fbf9d5b59d16caa92f8de8edcfafba452435f

SHA512
b6ef179e06817b0f7026796228552269fad75c31969a10226961b5f37105f86eb4c119371f919fb6d8b4711ad44c741308c238c6347cf233df9d8edda8b20a07

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads