c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
Size

184KB
MD5

6a1215538081d9ff78276e4e5a15bb51
SHA1

bc5b9eca1f6843eb3b7cfed8c304967500185b43
SHA256

c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d
SHA512

3c7366f534386207d98feaeecf080cda4fe1ef0f449719d5269cd8b384d2512e9c4341c082b2aa1d7d7faf34a31bc35f1807a79a770342140ab3c0d4c95b9056
SSDEEP

3072:trtQkNoPuFa2dZ2Aej6LpdNCIh4Dw1+IetBIq5EFbr5UlnVOFBrl:tr7oZCZ2yLbNCIDGILUlnVOFBr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2252	Unicorn-5465.exe
2140	Unicorn-11882.exe
1668	Unicorn-57746.exe
2736	Unicorn-17846.exe
2624	Unicorn-13631.exe
3056	Unicorn-48214.exe
1620	Unicorn-18106.exe
2812	Unicorn-36772.exe
2972	Unicorn-31488.exe
2932	Unicorn-9657.exe
2768	Unicorn-55329.exe
1420	Unicorn-13194.exe
1392	Unicorn-26385.exe
2528	Unicorn-63682.exe
2060	Unicorn-43817.exe
1788	Unicorn-61736.exe
2412	Unicorn-11658.exe
784	Unicorn-57522.exe
1472	Unicorn-11850.exe
1840	Unicorn-34041.exe
2208	Unicorn-33910.exe
1512	Unicorn-53968.exe
820	Unicorn-34975.exe
620	Unicorn-2302.exe
320	Unicorn-47974.exe
2340	Unicorn-48166.exe
2940	Unicorn-22230.exe
2368	Unicorn-54902.exe
1192	Unicorn-35228.exe
816	Unicorn-55094.exe
1556	Unicorn-12997.exe
2172	Unicorn-32863.exe
2576	Unicorn-19623.exe
2704	Unicorn-32813.exe
2592	Unicorn-52871.exe
2456	Unicorn-52357.exe
2984	Unicorn-55403.exe
2976	Unicorn-9731.exe
2996	Unicorn-42596.exe
3012	Unicorn-19907.exe
2828	Unicorn-4220.exe
2664	Unicorn-62653.exe
2636	Unicorn-42979.exe
1940	Unicorn-62845.exe
2396	Unicorn-60577.exe
860	Unicorn-30557.exe
1128	Unicorn-30557.exe
1404	Unicorn-45082.exe
2072	Unicorn-25539.exe
1780	Unicorn-25408.exe
1796	Unicorn-40675.exe
1380	Unicorn-13665.exe
1784	Unicorn-7505.exe
700	Unicorn-44034.exe
2916	Unicorn-58507.exe
2924	Unicorn-58699.exe
3052	Unicorn-47215.exe
1568	Unicorn-50059.exe
2128	Unicorn-17387.exe
2240	Unicorn-17579.exe
2212	Unicorn-17579.exe
1224	Unicorn-30961.exe
1100	Unicorn-35368.exe
2156	Unicorn-31153.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
2252	Unicorn-5465.exe
2252	Unicorn-5465.exe
2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
2140	Unicorn-11882.exe
2140	Unicorn-11882.exe
2252	Unicorn-5465.exe
2252	Unicorn-5465.exe
1668	Unicorn-57746.exe
1668	Unicorn-57746.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2624	Unicorn-13631.exe
2624	Unicorn-13631.exe
2736	Unicorn-17846.exe
2736	Unicorn-17846.exe
2140	Unicorn-11882.exe
2140	Unicorn-11882.exe
3056	Unicorn-48214.exe
1668	Unicorn-57746.exe
3056	Unicorn-48214.exe
1668	Unicorn-57746.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
1644	WerFault.exe
1620	Unicorn-18106.exe
1620	Unicorn-18106.exe
2624	Unicorn-13631.exe
2624	Unicorn-13631.exe
3056	Unicorn-48214.exe
2932	Unicorn-9657.exe
2932	Unicorn-9657.exe
3056	Unicorn-48214.exe
2768	Unicorn-55329.exe
2768	Unicorn-55329.exe
2812	Unicorn-36772.exe
2812	Unicorn-36772.exe
2736	Unicorn-17846.exe
2736	Unicorn-17846.exe
2972	Unicorn-31488.exe
2972	Unicorn-31488.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
1096	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2692	2344	WerFault.exe	27
2504	2252	WerFault.exe	28
1644	2140	WerFault.exe	29
2652	1668	WerFault.exe	30
1808	2624	WerFault.exe	33
920	2736	WerFault.exe	32
1096	3056	WerFault.exe	34
1124	2208	WerFault.exe	55
1708	2932	WerFault.exe	39
2620	2768	WerFault.exe	40
3032	2812	WerFault.exe	37
2584	2972	WerFault.exe	38
580	1420	WerFault.exe	43
2124	1392	WerFault.exe	44
604	1788	WerFault.exe	48
412	2528	WerFault.exe	45
1880	2060	WerFault.exe	46
1980	1472	WerFault.exe	50
1540	2412	WerFault.exe	47
2360	1840	WerFault.exe	54
1544	1512	WerFault.exe	56
2248	820	WerFault.exe	58
2244	620	WerFault.exe	59
2092	320	WerFault.exe	60
360	2940	WerFault.exe	62
2960	816	WerFault.exe	65
2968	1556	WerFault.exe	66
2836	2340	WerFault.exe	61
2848	2172	WerFault.exe	67
2648	2368	WerFault.exe	63
1752	1620	WerFault.exe	36
916	2576	WerFault.exe	71
2928	2704	WerFault.exe	72
2004	2592	WerFault.exe	74
3156	2996	WerFault.exe	78
3580	2984	WerFault.exe	77
3680	1316	WerFault.exe	142
3844	1940	WerFault.exe	83
3880	2976	WerFault.exe	76
3904	1380	WerFault.exe	96
3964	2820	WerFault.exe	150
3992	1784	WerFault.exe	99
4028	2664	WerFault.exe	81
4064	3012	WerFault.exe	79
4072	2636	WerFault.exe	82
3116	2156	WerFault.exe	110
3320	2924	WerFault.exe	102
3340	2456	WerFault.exe	75
3360	3052	WerFault.exe	103
3420	1100	WerFault.exe	109
3436	2240	WerFault.exe	106
3568	2828	WerFault.exe	80
3764	1792	WerFault.exe	122
3780	1796	WerFault.exe	90
3676	2916	WerFault.exe	101
4036	636	WerFault.exe	119
3140	2500	WerFault.exe	117
3100	2764	WerFault.exe	116
3596	1404	WerFault.exe	87
3668	2808	WerFault.exe	131
3732	2832	WerFault.exe	132
3252	1848	WerFault.exe	123
3716	844	WerFault.exe	125
3316	1692	WerFault.exe	120

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
2252	Unicorn-5465.exe
2140	Unicorn-11882.exe
1668	Unicorn-57746.exe
2624	Unicorn-13631.exe
2736	Unicorn-17846.exe
3056	Unicorn-48214.exe
1620	Unicorn-18106.exe
2812	Unicorn-36772.exe
2768	Unicorn-55329.exe
2932	Unicorn-9657.exe
2972	Unicorn-31488.exe
1420	Unicorn-13194.exe
1392	Unicorn-26385.exe
2528	Unicorn-63682.exe
2060	Unicorn-43817.exe
1788	Unicorn-61736.exe
2412	Unicorn-11658.exe
784	Unicorn-57522.exe
1472	Unicorn-11850.exe
1840	Unicorn-34041.exe
2208	Unicorn-33910.exe
1512	Unicorn-53968.exe
820	Unicorn-34975.exe
620	Unicorn-2302.exe
320	Unicorn-47974.exe
2368	Unicorn-54902.exe
2940	Unicorn-22230.exe
2340	Unicorn-48166.exe
816	Unicorn-55094.exe
1556	Unicorn-12997.exe
2172	Unicorn-32863.exe
2576	Unicorn-19623.exe
2704	Unicorn-32813.exe
2592	Unicorn-52871.exe
2456	Unicorn-52357.exe
2984	Unicorn-55403.exe
2976	Unicorn-9731.exe
3012	Unicorn-19907.exe
2996	Unicorn-42596.exe
2828	Unicorn-4220.exe
2636	Unicorn-42979.exe
2664	Unicorn-62653.exe
1128	Unicorn-30557.exe
1940	Unicorn-62845.exe
2396	Unicorn-60577.exe
860	Unicorn-30557.exe
2072	Unicorn-25539.exe
1404	Unicorn-45082.exe
1796	Unicorn-40675.exe
1780	Unicorn-25408.exe
1380	Unicorn-13665.exe
1784	Unicorn-7505.exe
700	Unicorn-44034.exe
2916	Unicorn-58507.exe
2924	Unicorn-58699.exe
3052	Unicorn-47215.exe
1568	Unicorn-50059.exe
2128	Unicorn-17387.exe
2240	Unicorn-17579.exe
2212	Unicorn-17579.exe
1224	Unicorn-30961.exe
1100	Unicorn-35368.exe
2156	Unicorn-31153.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2252	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	28
PID 2344 wrote to memory of 2252	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	28
PID 2344 wrote to memory of 2252	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	28
PID 2344 wrote to memory of 2252	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	28
PID 2252 wrote to memory of 2140	2252	Unicorn-5465.exe	29
PID 2252 wrote to memory of 2140	2252	Unicorn-5465.exe	29
PID 2252 wrote to memory of 2140	2252	Unicorn-5465.exe	29
PID 2252 wrote to memory of 2140	2252	Unicorn-5465.exe	29
PID 2344 wrote to memory of 1668	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	30
PID 2344 wrote to memory of 1668	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	30
PID 2344 wrote to memory of 1668	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	30
PID 2344 wrote to memory of 1668	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	30
PID 2344 wrote to memory of 2692	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	31
PID 2344 wrote to memory of 2692	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	31
PID 2344 wrote to memory of 2692	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	31
PID 2344 wrote to memory of 2692	2344	c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe	31
PID 2140 wrote to memory of 2736	2140	Unicorn-11882.exe	32
PID 2140 wrote to memory of 2736	2140	Unicorn-11882.exe	32
PID 2140 wrote to memory of 2736	2140	Unicorn-11882.exe	32
PID 2140 wrote to memory of 2736	2140	Unicorn-11882.exe	32
PID 2252 wrote to memory of 2624	2252	Unicorn-5465.exe	33
PID 2252 wrote to memory of 2624	2252	Unicorn-5465.exe	33
PID 2252 wrote to memory of 2624	2252	Unicorn-5465.exe	33
PID 2252 wrote to memory of 2624	2252	Unicorn-5465.exe	33
PID 1668 wrote to memory of 3056	1668	Unicorn-57746.exe	34
PID 1668 wrote to memory of 3056	1668	Unicorn-57746.exe	34
PID 1668 wrote to memory of 3056	1668	Unicorn-57746.exe	34
PID 1668 wrote to memory of 3056	1668	Unicorn-57746.exe	34
PID 2252 wrote to memory of 2504	2252	Unicorn-5465.exe	35
PID 2252 wrote to memory of 2504	2252	Unicorn-5465.exe	35
PID 2252 wrote to memory of 2504	2252	Unicorn-5465.exe	35
PID 2252 wrote to memory of 2504	2252	Unicorn-5465.exe	35
PID 2624 wrote to memory of 1620	2624	Unicorn-13631.exe	36
PID 2624 wrote to memory of 1620	2624	Unicorn-13631.exe	36
PID 2624 wrote to memory of 1620	2624	Unicorn-13631.exe	36
PID 2624 wrote to memory of 1620	2624	Unicorn-13631.exe	36
PID 2736 wrote to memory of 2812	2736	Unicorn-17846.exe	37
PID 2736 wrote to memory of 2812	2736	Unicorn-17846.exe	37
PID 2736 wrote to memory of 2812	2736	Unicorn-17846.exe	37
PID 2736 wrote to memory of 2812	2736	Unicorn-17846.exe	37
PID 2140 wrote to memory of 2972	2140	Unicorn-11882.exe	38
PID 2140 wrote to memory of 2972	2140	Unicorn-11882.exe	38
PID 2140 wrote to memory of 2972	2140	Unicorn-11882.exe	38
PID 2140 wrote to memory of 2972	2140	Unicorn-11882.exe	38
PID 3056 wrote to memory of 2932	3056	Unicorn-48214.exe	39
PID 3056 wrote to memory of 2932	3056	Unicorn-48214.exe	39
PID 3056 wrote to memory of 2932	3056	Unicorn-48214.exe	39
PID 3056 wrote to memory of 2932	3056	Unicorn-48214.exe	39
PID 1668 wrote to memory of 2768	1668	Unicorn-57746.exe	40
PID 1668 wrote to memory of 2768	1668	Unicorn-57746.exe	40
PID 1668 wrote to memory of 2768	1668	Unicorn-57746.exe	40
PID 1668 wrote to memory of 2768	1668	Unicorn-57746.exe	40
PID 2140 wrote to memory of 1644	2140	Unicorn-11882.exe	41
PID 2140 wrote to memory of 1644	2140	Unicorn-11882.exe	41
PID 2140 wrote to memory of 1644	2140	Unicorn-11882.exe	41
PID 2140 wrote to memory of 1644	2140	Unicorn-11882.exe	41
PID 1668 wrote to memory of 2652	1668	Unicorn-57746.exe	42
PID 1668 wrote to memory of 2652	1668	Unicorn-57746.exe	42
PID 1668 wrote to memory of 2652	1668	Unicorn-57746.exe	42
PID 1668 wrote to memory of 2652	1668	Unicorn-57746.exe	42
PID 1620 wrote to memory of 1420	1620	Unicorn-18106.exe	43
PID 1620 wrote to memory of 1420	1620	Unicorn-18106.exe	43
PID 1620 wrote to memory of 1420	1620	Unicorn-18106.exe	43
PID 1620 wrote to memory of 1420	1620	Unicorn-18106.exe	43

C:\Users\Admin\AppData\Local\Temp\c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe
"C:\Users\Admin\AppData\Local\Temp\c0ebacb367dc5ce9246bba31cdd5d6bfd65c1c79f9d03e77a82115c761b6a84d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34975.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        11⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        12⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        13⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18250.exe
        14⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        13⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        12⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        11⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        10⤵
        Program crash
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        11⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        12⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12026.exe
        13⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        13⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 220
        12⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        10⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        9⤵
        Program crash
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 236
        8⤵
        Program crash
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
        10⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        11⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        12⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        13⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        13⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        12⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        10⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10615.exe
        10⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        11⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        12⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 220
        12⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49195.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        12⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        12⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        11⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        8⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        7⤵
        Program crash
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4220.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48115.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
        11⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
        13⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 204
        13⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 220
        12⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        10⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 216
        9⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56642.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41981.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
        11⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        12⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        10⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        9⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        Program crash
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29279.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        11⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40674.exe
        12⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        13⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
        11⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        10⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        11⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22721.exe
        12⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 220
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28237.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        12⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        12⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 220
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        9⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        8⤵
        Program crash
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        7⤵
        Program crash
        
        PID:2092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        6⤵
        Program crash
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58990.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38416.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        11⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
        12⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe
        13⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        13⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
        12⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        11⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 216
        10⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        9⤵
        Program crash
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12044.exe
        11⤵
        
        PID:8776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
        12⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        11⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        8⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        11⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        12⤵
        
        PID:11092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 220
        12⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        11⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        10⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        8⤵
        Program crash
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        7⤵
        Program crash
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49841.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36289.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2098.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
        11⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
        12⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        12⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        11⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
        9⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50905.exe
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56846.exe
        10⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        11⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
        11⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
        10⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        7⤵
        
        PID:4564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35963.exe
        9⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65225.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
        11⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21283.exe
        12⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
        13⤵
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        12⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
        10⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43933.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
        10⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16273.exe
        11⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
        12⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 236
        12⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
        11⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        9⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7220.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        11⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40100.exe
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
        12⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        8⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        7⤵
        Program crash
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        8⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        10⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25255.exe
        11⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 220
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        10⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        10⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
        11⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
        11⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        10⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        8⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        7⤵
        Program crash
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        6⤵
        Program crash
        
        PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        5⤵
        Executes dropped EXE
        
        PID:1192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        5⤵
        Program crash
        
        PID:2584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19623.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42564.exe
        10⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36906.exe
        11⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44129.exe
        12⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62288.exe
        13⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36869.exe
        14⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        14⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 220
        13⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        12⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
        11⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        10⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        10⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3632.exe
        12⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        13⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        13⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 220
        12⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        11⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
        9⤵
        Program crash
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35126.exe
        10⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        11⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        12⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        13⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 220
        13⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        12⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        10⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        9⤵
        Program crash
        
        PID:3732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        8⤵
        Program crash
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
        11⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5670.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        11⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
        12⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        11⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        8⤵
        Program crash
        
        PID:3992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        7⤵
        Program crash
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        11⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        12⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 236
        12⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 220
        11⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11452.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        11⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        12⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        12⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 236
        11⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34786.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24036.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        12⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        9⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
        8⤵
        Program crash
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        7⤵
        Program crash
        
        PID:2928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        6⤵
        Program crash
        
        PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 200
        6⤵
        Program crash
        
        PID:1124
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        5⤵
        Program crash
        
        PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59922.exe
        8⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28188.exe
        10⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17203.exe
        12⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        13⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        13⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        12⤵
        
        PID:2936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        11⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 236
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40191.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
        10⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        11⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        12⤵
        
        PID:10408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        10⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        9⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        8⤵
        Program crash
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11608.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        10⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16834.exe
        11⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        11⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        Program crash
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44321.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53326.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        11⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 220
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        8⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        7⤵
        Program crash
        
        PID:3360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        6⤵
        Program crash
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52792.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        11⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        11⤵
        
        PID:11592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
        10⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        8⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16097.exe
        6⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        8⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57514.exe
        9⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        10⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        10⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        9⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        8⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        7⤵
        
        PID:5544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        6⤵
        Program crash
        
        PID:3340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
        5⤵
        Program crash
        
        PID:2124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1808
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48214.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42596.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54844.exe
        9⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17946.exe
        10⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        11⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        12⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21349.exe
        13⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
        14⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        14⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        13⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        12⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        11⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        11⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44037.exe
        12⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        13⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        13⤵
        
        PID:10400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        12⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        11⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55588.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        11⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        12⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
        13⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        13⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        12⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        10⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
        8⤵
        
        PID:784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 220
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-739.exe
        10⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
        12⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
        12⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        11⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        10⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
        7⤵
        Program crash
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19907.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        8⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 216
        9⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25691.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
        11⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        11⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49075.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36506.exe
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        10⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        11⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 220
        11⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
        8⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        7⤵
        Program crash
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        6⤵
        Program crash
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35189.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        11⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20298.exe
        9⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20662.exe
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 236
        11⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        10⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        9⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        7⤵
        
        PID:4572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
        6⤵
        Program crash
        
        PID:2836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        5⤵
        Program crash
        
        PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34574.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        8⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12384.exe
        10⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        11⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        12⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 236
        11⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39121.exe
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        11⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        7⤵
        Program crash
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1301.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54196.exe
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        11⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 220
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        7⤵
        Program crash
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        6⤵
        Program crash
        
        PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26206.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        9⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        10⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        10⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        8⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        7⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2148.exe
        6⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        7⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        8⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        9⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        10⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        10⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        9⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        8⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        7⤵
        
        PID:6092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        6⤵
        Program crash
        
        PID:4072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        5⤵
        Program crash
        
        PID:1880
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1903.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29568.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        11⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        12⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        12⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
        9⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11840.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        10⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57740.exe
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        11⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        10⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        9⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        8⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        7⤵
        Program crash
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        6⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        7⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        10⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        11⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
        11⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        10⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        9⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        7⤵
        Program crash
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        6⤵
        Program crash
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31800.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        10⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 236
        11⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 236
        10⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        8⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        6⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe
        7⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
        8⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        9⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8576.exe
        10⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        9⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        8⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        7⤵
        
        PID:6160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        6⤵
        
        PID:5040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        5⤵
        Program crash
        
        PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40805.exe
        9⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        10⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        10⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        9⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        8⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        7⤵
        
        PID:4532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        6⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2316.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        9⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 236
        10⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        9⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        8⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 216
        7⤵
        
        PID:5972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
        6⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
        6⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        8⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
        9⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        10⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        10⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        9⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        8⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        7⤵
        
        PID:4432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        6⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        9⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        8⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        7⤵
        
        PID:6232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        6⤵
        
        PID:4956
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        5⤵
        Program crash
        
        PID:2968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
      4⤵
      Program crash
      PID:2620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2652
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
  2⤵
  - Program crash
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe

Filesize
184KB

MD5
cc03dcbd495915b6b914f34260399b4e

SHA1
6aff563fc129790d66624be8aab5016706ee7a11

SHA256
f4098152a7f434856f6e35352e650db1ae7353531e847fadb95ef3b09d3390cf

SHA512
6559e3a86ed421b82cd098e011d33d3bd6457e67b75192ebb1d4d4b30c57cc10ad7449315330ff48ffa758d82244406fec43a84996f93ee8187a7beaeed7124c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe

Filesize
184KB

MD5
5438791e7650cc5822d925328c22485a

SHA1
1f87c92fce7ec1cc85aef06808450a57ad551f23

SHA256
4b459f959f2fcd21cb7e1c740061fc443625770166b17db0d507daa165e27935

SHA512
468249eb77fa62d0ee1361c482bf328b06a82005b8478fe6c76e29c40afbc38ef17ea840430a73d9e0a48aafb927727985a027bd35b63eab47a5c6375eb7297d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22946.exe

Filesize
184KB

MD5
0e3da2a19f36b9371e366305d5a42d61

SHA1
b7bb649b43972b61abc87e5eeb1b76432b8bb611

SHA256
d3390a3f2297bd5f89c8565f5933992c3a0c2e879729f4329732913afd4f1b3b

SHA512
26be26abaf01a07071326f5aebedeb4c0adcb583504706029f60a65b86d6bac20ed4577cf1248f247b938bfcaf52c07558dd1c19d9f95cb101d7d833c0568cce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe

Filesize
184KB

MD5
05bfbe06269eda402c8dd6c0800f9909

SHA1
7c45abeaafdd1b463564380668a33077905eb3dc

SHA256
764f187678f24a24ec1d0e7a8c4b6ca85da8f62b9f1982438aa0524b0f8eebd1

SHA512
9c6a1f5e5b17400b0f35076fbbbcca2bfaf3c2565dc88d887cada99d3654c2da427f9d1dd8373c6f574e5a9fb3087f5680b1ecd37411ea82932e930cec9c584e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe

Filesize
184KB

MD5
c39719ac1bab1434bab7621422d40cd9

SHA1
eea7ac760f26a50994e83c02563eaedc6d0550a0

SHA256
b74adfac265793895de9df027c65d44cc81ce0232310cbdacb6b0c07f4afc2c2

SHA512
aaa9d4e5b2972e366f2faab4a409a35557369a0dfba9e2a10eff06201dab0e704b11901756c8b37e93578d102a5280b1b680b2464060241ceae62815ea7784ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe

Filesize
184KB

MD5
f461d063cfc1c01e780ebc8293e44daa

SHA1
5f5b2b0de2106b5872299076a5eaf4c38c2d83c4

SHA256
3f66ba2a4eb12436bc3703c1d6cd769765caa7583c885505d31e060b41472430

SHA512
ba1e43ced6b2922a0d50e4004de81fb5e62bfc652e6b577db7e8702acb417529be4d1e854f3b154f78c8e2c1faab25ff9464331df80bfb8406e88ad96812bf86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe

Filesize
184KB

MD5
f3170b2a54b22e3a47e5d1c5eee237db

SHA1
d6988b2608aae6b49d079f995576f2267fb4e0cb

SHA256
4f5bebffa7fc3900ee2c4a11fa13caad154481808e3a4c51e12e8ee9e9b6f815

SHA512
7b84006dbdf0f71a45497b97281a949fddfd97b187edb95c8d5afbb5dde05496aa11fdfcdae8dfced457865966d550c8c684718bad548482a29fd9d5e0bb56a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe

Filesize
184KB

MD5
88b9d1ee8ab67bcda34144cecd98160e

SHA1
80e1530ba083b88ad699e6ef81fd2caa25d49a8c

SHA256
b664fee8e9906f2ea104ff238a099651e25de435e359afdcb0461a464419faba

SHA512
ad26f1d5304157318d8d25e3f571b461f2671a589a96ab92b35bab4df89f1bd1bf9e0855ea50f2d84442bb349e6f23d507606d5f8ca576c421cac5fd0145845b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe

Filesize
184KB

MD5
b626f6e3dd3a219333b21b43c7c37aea

SHA1
3bb2ba8adcb9325585c8287e264ac758b910ee55

SHA256
0f7a4823bed8eb9ca1adb643b425123414b855bcaf01e2df47c04573168132dc

SHA512
4e9952ae53b1d31cf04c36e68eadc65597a715c969026b762f4550469eb262e16426eea07df4c7b13801354daa953875302f15e218c7b6e6318f7421d735bc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe

Filesize
184KB

MD5
7d749ec385f82c65f118dfecfd012fb4

SHA1
191a70f50a367213a906239f0e6f441b298f0786

SHA256
9dee0594309e0d2bd1302130abbdfe7b546155cca93def4d2468c63fa6693197

SHA512
e9d3ef2b556f506cf972e89c8411c2ffb280fd6619a646971390cf28075d22127fac2e92e1b099956b8d7a6cbaae0129b20e334f0a9e6f45f95f74d3c9bffb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe

Filesize
184KB

MD5
6be005e16ba6d68f4de9f953567081c9

SHA1
3cb4ce7bc8028bafe1d8aaf41458b804f652c317

SHA256
f29f65bc1a60efc2c58e1cf76d68a3b82eb608570c4c57d3c3229c14ca6ac8e7

SHA512
f8768e048dca9a471e3cae1d4037598718080ea7bd6cacc679941515e0de7f5f460af5e02f729ff520ca8e4d8d8290959f60c59779a77c2a8e75a4faebeb7d90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe

Filesize
184KB

MD5
76e96840b42a1451687e7cd29e7ef147

SHA1
9d364e4fba0b4fffc961f35786e0b851aa2efc45

SHA256
d9096f9d6d160fe4ccbd2782dec8ec7f3106b07b49eed8a0e005c850bb1193b8

SHA512
4fadea3c04a8b9061576049b33d1a347489d59027424596203179443bb46e566504a7e924b2a3b6e7a7484109793ea4c6cd76bfa09d29643270eddfa9138875a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe

Filesize
184KB

MD5
b317027b6a789ee9d36eb62acc4777a7

SHA1
350e4ae6483ac7fbb607e0ac841ae9522b764625

SHA256
1397b416e71c4a60ffa3c00eaf1926b97b6b79e79223ad75942bbbcefaaaf25c

SHA512
3a2a1ea77fd91760dfa5630d5fbea8a9bf31fa395c6c5d95a2711a2fcdf721be16579e6463a0eaa6cecfc72a1d3b9a06fd40b3ee7cbfd88dbd6c18c8477bcac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6372.exe

Filesize
184KB

MD5
66c770d8bd332d454e77b152134938c4

SHA1
d214320e256b7a83ef664f020bf28f7dfd4bda86

SHA256
6cf53d886349887886042543a28b2b358854738edbba44132373efd77973c11f

SHA512
3ae0e54664dce48596a39edbabc8e9d72a518fee47c5aeac834842de7108a34fec7a397feccbe1995dffd7869a1508919b607a34b97d2692d461c1319df63252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6582.exe

Filesize
184KB

MD5
8072e465f7966bb08b94e12d1a8dacdf

SHA1
5ebc45f466f058d372267f5024a850216e4eb504

SHA256
23605c0d0a4a639364c0abf4093f18901264bd5659dafb155ade3351becdd122

SHA512
bc35f3cef8d3c9f6f7c84c01f39c9df0eb56d1ef0f33c4476cb26ea95d55483637ee5095c33b3524096af59d439a746030a93f78f6a76fa24c11dc886f42d179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe

Filesize
184KB

MD5
15dd0bdfadc8e64a60e07c671d1c2645

SHA1
93eeb99aee045282df800e8e68eb2688e5303d7a

SHA256
86bec8fa5611652fd3e180e240c0c3f1d8632b0a3c7db87abadefe2b088668b6

SHA512
1d7431bec1d10c496ad7c5217136f146dc9a91f19bee3587415c0a8090e9935b756a6f94766ac9d694508b509b961efed7d7408897a5bf84310dbdbdf6995883

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11882.exe

Filesize
184KB

MD5
54d47a381b74f3205676f7e89e5b9914

SHA1
de0fcf5a48e4bda13a9ea2bede78ca98a6cf5d1d

SHA256
218cf56dc8723405b65689ae5392fe510f28cc3e3f73fa1f4191ffa184e36f33

SHA512
8b3b9bcaa5e4a10c4fc011f24f2e893bd689139df8b05ddd8a78fa861404e7159a905cae07997560e685f283dce2e61039e11382b1bb3f0528d0b454f24f92b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe

Filesize
184KB

MD5
c201e20880da9b14401c6e27dcaa468f

SHA1
6193ed131c59bbe8881f455a1fb47239d445990a

SHA256
ab7afdefce9266933a7f385d851636eee4162b60710e2e51343696745a20ee2c

SHA512
96a387101766c1e13904894ec856c41474807010477f691b45811af242e0b98a3040d5f85724a7e1f5adc2e8f9d967f9d2c85c3bcb32fb42196ec341b5385140

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe

Filesize
184KB

MD5
b28c9dd2d8df6d4b17ccd105df2ddd7e

SHA1
c19c43e2055815c7adc749dd0a5346a13cfbdcb0

SHA256
cf1f6eb8b4533bfd0099b177325ee69295d85195d8b7b857df88851d8a4415ab

SHA512
d9506019fbbbc9b42fbe9a3ac3b55bb79bde552e9af55e091623fede0b67e8e739f886eb748eb608e760abd38f0fe18774abc3087a22acb87b12c07405c13b3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe

Filesize
184KB

MD5
3b88d602b2a21f506c845404ac2853cb

SHA1
6670488f2c07453fe44373e64dba61696faf8934

SHA256
3e787d8e09d6bf81f82d4c66add52d15706dbdb5bb8b24432f1407dc486a21ed

SHA512
481469fe4961f077ecaddbc8f9da6df572e7bb19637fb94df0718f9846e24722acae4b5612b8d2b439851e5b0f2d8e5ef70c3ac608a1df8db0be5f8bf199c86b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe

Filesize
184KB

MD5
6af42fa62567c9b78e97666d18af4ac9

SHA1
59526ce967e5bd47972e9cfb4f16e9c6f6d5fc37

SHA256
98efdbcd4f19502e47196289a6526b7977b5f353596db8a73b97b3da477b16f0

SHA512
d34e086452bb513236bc520f4ee218cbb358a027583e22d83851463bb7c406f4ccc4a6821559d0890961777591137448523d069fba4867cb230d809fafa763f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26385.exe

Filesize
184KB

MD5
4211d19856de981092b4e24f8db33fb6

SHA1
9d345ac501b36f39036236a1fda23d399bd6f92e

SHA256
9734b6fb9246e9f58fa99fda9beafdf7dc3b2014b89c881bbc1d5a599d7df7ec

SHA512
31939010dedeb77949fca67ac2ce2573009f3255a8907e9cc3720c621341f83783a6d939c8322dc912d3ab50dcea7a8d885c8785e9f570a01401269f9b8b8762

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31488.exe

Filesize
184KB

MD5
6244d7615d4bd681dc6a2e2084b11ac3

SHA1
e146ca42cc405f913037320e3ff3d4e85f39200c

SHA256
e02216f454d5fca32aef973d36d978620578e81ae959e66a6cd014ceab8dc7e0

SHA512
edd841544c944df17f907a506e5e548b7c378d02178b316a5f3e3007b3fc6d6ff215db725ef09d4eeed3da05ff89e1965030c7d645d25ace12e21102f803b72e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43817.exe

Filesize
184KB

MD5
1f84d77579096209074a26880ceac05c

SHA1
619534b76015ea11dfc324ef11c67d4e2d508453

SHA256
10adf6e135e92a67c90b539dc0ba6e87d43258d8248ed31fdeaedb7970d911fd

SHA512
9bc306c826c8cdec814fc02157642764af12b2b4a529d2bfb9c882c6ac9f8cf98f97f8f535db0adbfe5bbf02dd644a07c68fabdf0ec0bd29a868f26221491e5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48214.exe

Filesize
184KB

MD5
7e74c07cd3a2d6f971a307486d555f06

SHA1
e371ff59a98da5cdd2ad339bf179c73b694d9906

SHA256
ede15589fecc9f2f65b743344156282d05c7458d1449a34815b2fc255c778467

SHA512
4cb3acc733a99335ab5f0d09e0aa361691a94cbb11bc19c80118cb9287247518e8da3123cf93f7b6850d9cb6e3962f4ecd0815536d677a2f059463d51f3b6219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5465.exe

Filesize
184KB

MD5
3d62dc759c23314fdd597b381a27648b

SHA1
51ccf64e4dd6aed208d5bb13a8f65fafb9bea366

SHA256
4dec6149c175a9353c19a7c7517fcbe6c2c1a5ecfa698bf8eb726499493b61d1

SHA512
66b77e2278f3002c622e75a1c95e405dcc4a0ea34ca4771616d191cccdf0ae7b1d27483b15b19064b8b15e28431cbc43054149db9fae673146b1d85944359c13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe

Filesize
184KB

MD5
72f80ae0ef2af79e25fcdb80ad1deb61

SHA1
2bb6823aafe4116e5312df911e68d07ff43512eb

SHA256
9db370be46afb573e72ec45859aa53cff61fb99890798fbb3604d83c8e1b0d2e

SHA512
16e55ca96fcfabd5a6cf415f829528af5375ad9ea9b29f94d7198ec8a146bdd0ce4512e4301f93db5340b6cb0612ffb14451d8b2f8d05787c4484ebf00e3bc38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe

Filesize
184KB

MD5
5a1de9dd0d2c499212cebcb30ac570ed

SHA1
40d84e39229283fda710ccec7dc906f13aad56c9

SHA256
bc1ef980699f5b2289ab82917288fad05e1f6ae851555d65fa1a76c948104fc7

SHA512
26693ad3a6d8474e56574cd0caf4f78db89d354359dabf5ae61cbc6b392f1041c912615dcc338b7836594c1a1e2c630203c14fe590987798da08e69fa10e3898

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe

Filesize
184KB

MD5
4345a1e3ccd00b7ea795c62c66b05db9

SHA1
d0ed820179e877d04f220ef4a276a794207383b3

SHA256
855d07d7617d723df02472bc7f98de5b2c59f57a6d3e2ebbe20fbed8fb1dd733

SHA512
9b80792c55e7a700be1f78082e9360fd61f7c59d3e06729410eeaf47bf3e494c684996f3c5e86d03fa307716eec31434c52a02dbf67af71a029fef0b69d064bf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads