f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 04:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
Size

184KB
MD5

7d28c1e473f85a36ba8adc73ce38e595
SHA1

9367b89f6b6a0bf44f744524b4f55b966a9552de
SHA256

f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e
SHA512

eb119e45077bbdf175354e6dfc8e0ff0627fb1287b4ef72421337a4800ffd13662297759608e06ff732c806080807c43e4f5a8720cf102bae95327108250e53f
SSDEEP

1536:e7r76z4luO3fotxZt0iA5fwMGMnyvhcllmdHqS8F2bzXtMhl5hj5nizpvk:4q/O3foT70iGdGIWWxS8Fs9MhlnViFM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1712	Unicorn-8304.exe
2128	Unicorn-41626.exe
2280	Unicorn-20883.exe
2500	Unicorn-47407.exe
2788	Unicorn-14734.exe
2520	Unicorn-60406.exe
2100	Unicorn-12311.exe
2584	Unicorn-61512.exe
2908	Unicorn-8782.exe
2596	Unicorn-57407.exe
496	Unicorn-11735.exe
1804	Unicorn-7916.exe
1332	Unicorn-40781.exe
3052	Unicorn-53780.exe
1924	Unicorn-8108.exe
2952	Unicorn-58378.exe
1984	Unicorn-38512.exe
1084	Unicorn-11909.exe
408	Unicorn-17878.exe
2288	Unicorn-11525.exe
1772	Unicorn-34406.exe
1068	Unicorn-59958.exe
1256	Unicorn-47151.exe
2104	Unicorn-31007.exe
2296	Unicorn-14156.exe
608	Unicorn-34022.exe
2576	Unicorn-46310.exe
2448	Unicorn-11562.exe
2160	Unicorn-29160.exe
2252	Unicorn-8417.exe
2692	Unicorn-41582.exe
1932	Unicorn-28776.exe
2856	Unicorn-41774.exe
2224	Unicorn-13866.exe
2220	Unicorn-15127.exe
2536	Unicorn-60223.exe
2240	Unicorn-47416.exe
2388	Unicorn-63752.exe
2836	Unicorn-14743.exe
1632	Unicorn-27742.exe
2468	Unicorn-14167.exe
1572	Unicorn-30504.exe
1752	Unicorn-27166.exe
824	Unicorn-22004.exe
1764	Unicorn-31987.exe
2024	Unicorn-2076.exe
2088	Unicorn-5283.exe
1488	Unicorn-31603.exe
848	Unicorn-37629.exe
1364	Unicorn-34291.exe
1868	Unicorn-23732.exe
1284	Unicorn-53581.exe
2976	Unicorn-53197.exe
1116	Unicorn-16419.exe
696	Unicorn-43213.exe
2428	Unicorn-10540.exe
1808	Unicorn-40944.exe
2368	Unicorn-39875.exe
2708	Unicorn-59741.exe
2628	Unicorn-26301.exe
2812	Unicorn-11033.exe
2608	Unicorn-56705.exe
2664	Unicorn-24032.exe
2376	Unicorn-43898.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
1712	Unicorn-8304.exe
2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
1712	Unicorn-8304.exe
2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
2128	Unicorn-41626.exe
2128	Unicorn-41626.exe
2280	Unicorn-20883.exe
2280	Unicorn-20883.exe
1712	Unicorn-8304.exe
1712	Unicorn-8304.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2788	Unicorn-14734.exe
2788	Unicorn-14734.exe
2500	Unicorn-47407.exe
2500	Unicorn-47407.exe
2128	Unicorn-41626.exe
2128	Unicorn-41626.exe
2280	Unicorn-20883.exe
2280	Unicorn-20883.exe
2520	Unicorn-60406.exe
2520	Unicorn-60406.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1812	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1812	WerFault.exe
2908	Unicorn-8782.exe
2908	Unicorn-8782.exe
2584	Unicorn-61512.exe
2584	Unicorn-61512.exe
2500	Unicorn-47407.exe
2500	Unicorn-47407.exe
2100	Unicorn-12311.exe
2100	Unicorn-12311.exe
2596	Unicorn-57407.exe
2596	Unicorn-57407.exe
2520	Unicorn-60406.exe
2520	Unicorn-60406.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
1500	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2792	2320	WerFault.exe	27
2568	1712	WerFault.exe	28
1812	2128	WerFault.exe	29
1552	2280	WerFault.exe	30
1500	2788	WerFault.exe	33
584	2500	WerFault.exe	32
628	2520	WerFault.exe	34
880	2908	WerFault.exe	39
1796	2584	WerFault.exe	37
2964	2100	WerFault.exe	36
2124	496	WerFault.exe	40
1592	2596	WerFault.exe	38
1200	1804	WerFault.exe	43
1000	1332	WerFault.exe	44
3068	3052	WerFault.exe	45
2264	1984	WerFault.exe	48
2304	2952	WerFault.exe	47
776	1924	WerFault.exe	46
3036	1084	WerFault.exe	52
2532	408	WerFault.exe	53
1012	1772	WerFault.exe	55
1388	1256	WerFault.exe	57
1976	2288	WerFault.exe	54
2152	2296	WerFault.exe	59
2456	2104	WerFault.exe	58
1228	2576	WerFault.exe	60
1076	608	WerFault.exe	61
1448	1364	WerFault.exe	95
468	2448	WerFault.exe	67
2052	2252	WerFault.exe	69
1744	2160	WerFault.exe	68
2764	1932	WerFault.exe	71
2476	2856	WerFault.exe	72
536	2692	WerFault.exe	70
2528	2224	WerFault.exe	73
1156	2388	WerFault.exe	77
2680	2536	WerFault.exe	75
2540	2220	WerFault.exe	74
3080	1752	WerFault.exe	82
3088	2836	WerFault.exe	78
3132	1572	WerFault.exe	81
3176	1632	WerFault.exe	79
3212	2468	WerFault.exe	80
3264	2240	WerFault.exe	76
3856	824	WerFault.exe	85
3632	1868	WerFault.exe	96
3660	1808	WerFault.exe	102
3692	2368	WerFault.exe	103
3800	2024	WerFault.exe	89
3944	2088	WerFault.exe	90
4016	768	WerFault.exe	117
4004	1296	WerFault.exe	116
4020	2872	WerFault.exe	110
4052	2072	WerFault.exe	121
4080	1764	WerFault.exe	86
4092	2228	WerFault.exe	119
3400	2976	WerFault.exe	98
3460	2812	WerFault.exe	106
3556	560	WerFault.exe	125
3620	1116	WerFault.exe	99
3656	2644	WerFault.exe	128
3908	2876	WerFault.exe	129
3476	1488	WerFault.exe	93
3536	2904	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
1712	Unicorn-8304.exe
2128	Unicorn-41626.exe
2280	Unicorn-20883.exe
2500	Unicorn-47407.exe
2788	Unicorn-14734.exe
2520	Unicorn-60406.exe
2584	Unicorn-61512.exe
2596	Unicorn-57407.exe
2908	Unicorn-8782.exe
496	Unicorn-11735.exe
2100	Unicorn-12311.exe
1804	Unicorn-7916.exe
1332	Unicorn-40781.exe
1924	Unicorn-8108.exe
3052	Unicorn-53780.exe
2952	Unicorn-58378.exe
1984	Unicorn-38512.exe
1084	Unicorn-11909.exe
408	Unicorn-17878.exe
2288	Unicorn-11525.exe
1772	Unicorn-34406.exe
1068	Unicorn-59958.exe
1256	Unicorn-47151.exe
2104	Unicorn-31007.exe
2296	Unicorn-14156.exe
2576	Unicorn-46310.exe
608	Unicorn-34022.exe
2448	Unicorn-11562.exe
2252	Unicorn-8417.exe
2160	Unicorn-29160.exe
2692	Unicorn-41582.exe
1932	Unicorn-28776.exe
2856	Unicorn-41774.exe
2224	Unicorn-13866.exe
2220	Unicorn-15127.exe
2536	Unicorn-60223.exe
2388	Unicorn-63752.exe
2240	Unicorn-47416.exe
2836	Unicorn-14743.exe
1632	Unicorn-27742.exe
2468	Unicorn-14167.exe
1572	Unicorn-30504.exe
1752	Unicorn-27166.exe
824	Unicorn-22004.exe
1764	Unicorn-31987.exe
2024	Unicorn-2076.exe
2088	Unicorn-5283.exe
1488	Unicorn-31603.exe
848	Unicorn-37629.exe
1364	Unicorn-34291.exe
1868	Unicorn-23732.exe
1284	Unicorn-53581.exe
2976	Unicorn-53197.exe
1116	Unicorn-16419.exe
696	Unicorn-43213.exe
2428	Unicorn-10540.exe
1808	Unicorn-40944.exe
2708	Unicorn-59741.exe
2368	Unicorn-39875.exe
2628	Unicorn-26301.exe
2608	Unicorn-56705.exe
2664	Unicorn-24032.exe
2376	Unicorn-43898.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1712	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	28
PID 2320 wrote to memory of 1712	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	28
PID 2320 wrote to memory of 1712	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	28
PID 2320 wrote to memory of 1712	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	28
PID 1712 wrote to memory of 2128	1712	Unicorn-8304.exe	29
PID 1712 wrote to memory of 2128	1712	Unicorn-8304.exe	29
PID 1712 wrote to memory of 2128	1712	Unicorn-8304.exe	29
PID 1712 wrote to memory of 2128	1712	Unicorn-8304.exe	29
PID 2320 wrote to memory of 2280	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	30
PID 2320 wrote to memory of 2280	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	30
PID 2320 wrote to memory of 2280	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	30
PID 2320 wrote to memory of 2280	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	30
PID 2320 wrote to memory of 2792	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	31
PID 2320 wrote to memory of 2792	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	31
PID 2320 wrote to memory of 2792	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	31
PID 2320 wrote to memory of 2792	2320	f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe	31
PID 2128 wrote to memory of 2500	2128	Unicorn-41626.exe	32
PID 2128 wrote to memory of 2500	2128	Unicorn-41626.exe	32
PID 2128 wrote to memory of 2500	2128	Unicorn-41626.exe	32
PID 2128 wrote to memory of 2500	2128	Unicorn-41626.exe	32
PID 2280 wrote to memory of 2788	2280	Unicorn-20883.exe	33
PID 2280 wrote to memory of 2788	2280	Unicorn-20883.exe	33
PID 2280 wrote to memory of 2788	2280	Unicorn-20883.exe	33
PID 2280 wrote to memory of 2788	2280	Unicorn-20883.exe	33
PID 1712 wrote to memory of 2520	1712	Unicorn-8304.exe	34
PID 1712 wrote to memory of 2520	1712	Unicorn-8304.exe	34
PID 1712 wrote to memory of 2520	1712	Unicorn-8304.exe	34
PID 1712 wrote to memory of 2520	1712	Unicorn-8304.exe	34
PID 1712 wrote to memory of 2568	1712	Unicorn-8304.exe	35
PID 1712 wrote to memory of 2568	1712	Unicorn-8304.exe	35
PID 1712 wrote to memory of 2568	1712	Unicorn-8304.exe	35
PID 1712 wrote to memory of 2568	1712	Unicorn-8304.exe	35
PID 2788 wrote to memory of 2100	2788	Unicorn-14734.exe	36
PID 2788 wrote to memory of 2100	2788	Unicorn-14734.exe	36
PID 2788 wrote to memory of 2100	2788	Unicorn-14734.exe	36
PID 2788 wrote to memory of 2100	2788	Unicorn-14734.exe	36
PID 2500 wrote to memory of 2584	2500	Unicorn-47407.exe	37
PID 2500 wrote to memory of 2584	2500	Unicorn-47407.exe	37
PID 2500 wrote to memory of 2584	2500	Unicorn-47407.exe	37
PID 2500 wrote to memory of 2584	2500	Unicorn-47407.exe	37
PID 2128 wrote to memory of 2596	2128	Unicorn-41626.exe	38
PID 2128 wrote to memory of 2596	2128	Unicorn-41626.exe	38
PID 2128 wrote to memory of 2596	2128	Unicorn-41626.exe	38
PID 2128 wrote to memory of 2596	2128	Unicorn-41626.exe	38
PID 2280 wrote to memory of 2908	2280	Unicorn-20883.exe	39
PID 2280 wrote to memory of 2908	2280	Unicorn-20883.exe	39
PID 2280 wrote to memory of 2908	2280	Unicorn-20883.exe	39
PID 2280 wrote to memory of 2908	2280	Unicorn-20883.exe	39
PID 2520 wrote to memory of 496	2520	Unicorn-60406.exe	40
PID 2520 wrote to memory of 496	2520	Unicorn-60406.exe	40
PID 2520 wrote to memory of 496	2520	Unicorn-60406.exe	40
PID 2520 wrote to memory of 496	2520	Unicorn-60406.exe	40
PID 2128 wrote to memory of 1812	2128	Unicorn-41626.exe	41
PID 2128 wrote to memory of 1812	2128	Unicorn-41626.exe	41
PID 2128 wrote to memory of 1812	2128	Unicorn-41626.exe	41
PID 2128 wrote to memory of 1812	2128	Unicorn-41626.exe	41
PID 2280 wrote to memory of 1552	2280	Unicorn-20883.exe	42
PID 2280 wrote to memory of 1552	2280	Unicorn-20883.exe	42
PID 2280 wrote to memory of 1552	2280	Unicorn-20883.exe	42
PID 2280 wrote to memory of 1552	2280	Unicorn-20883.exe	42
PID 2908 wrote to memory of 1804	2908	Unicorn-8782.exe	43
PID 2908 wrote to memory of 1804	2908	Unicorn-8782.exe	43
PID 2908 wrote to memory of 1804	2908	Unicorn-8782.exe	43
PID 2908 wrote to memory of 1804	2908	Unicorn-8782.exe	43

C:\Users\Admin\AppData\Local\Temp\f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe
"C:\Users\Admin\AppData\Local\Temp\f2bc155154a20821992c7a5c0f447d071433cc99732ee520739913643f45652e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        11⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        12⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        13⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        14⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        15⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 220
        15⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        14⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        13⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        12⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        11⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        10⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        11⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33652.exe
        12⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
        13⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
        14⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
        14⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        13⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        12⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        11⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47437.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46379.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        11⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        12⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        13⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        14⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
        14⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        13⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        11⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        10⤵
        Program crash
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        9⤵
        Program crash
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        9⤵
        Program crash
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        8⤵
        Program crash
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
        11⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35026.exe
        12⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
        13⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 236
        13⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
        12⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        10⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
        9⤵
        Program crash
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
        11⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19541.exe
        12⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        13⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 236
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        12⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35071.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        10⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        11⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6178.exe
        12⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        13⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        14⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        14⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        13⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        11⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42019.exe
        12⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24684.exe
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 220
        13⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        12⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        9⤵
        Program crash
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        8⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16504.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        10⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        11⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60561.exe
        12⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        13⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 236
        13⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        11⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        12⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 216
        12⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 236
        11⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
        8⤵
        Program crash
        
        PID:3620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        6⤵
        Program crash
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29668.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        11⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        12⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
        13⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
        13⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        12⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
        13⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 220
        11⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
        9⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        8⤵
        Program crash
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1788.exe
        11⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        12⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21922.exe
        13⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 220
        13⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        12⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31773.exe
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 220
        11⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        10⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32525.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4773.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        10⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        11⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
        12⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        11⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        8⤵
        Program crash
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
        7⤵
        Program crash
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12186.exe
        11⤵
        
        PID:8864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        12⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        13⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 220
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        10⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        10⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        11⤵
        
        PID:11820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 220
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        9⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24318.exe
        11⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        12⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
        12⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:2680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 220
        6⤵
        Program crash
        
        PID:3068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        11⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        12⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9133.exe
        13⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59683.exe
        14⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
        14⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        13⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        12⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
        10⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        12⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        13⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 216
        13⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        12⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 220
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        9⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9921.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24673.exe
        11⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        12⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62307.exe
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
        13⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        10⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64899.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        9⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58569.exe
        11⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        12⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        13⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
        12⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        10⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        9⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        8⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        11⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        12⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
        13⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
        12⤵
        
        PID:12224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        11⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        11⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        12⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
        11⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        10⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        7⤵
        Program crash
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9051.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37015.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        11⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24245.exe
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 236
        12⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        11⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7671.exe
        10⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
        11⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        12⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 220
        11⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
        10⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-956.exe
        10⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        11⤵
        
        PID:11312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44330.exe
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        10⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        10⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        11⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        12⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
        12⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
        10⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        8⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        7⤵
        Program crash
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        10⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        11⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        12⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 220
        12⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 236
        11⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        10⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        9⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58910.exe
        10⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        11⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
        11⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        10⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 220
        9⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        8⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6833.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        9⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
        10⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16174.exe
        11⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 236
        11⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
        10⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
        9⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        8⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
        7⤵
        Program crash
        
        PID:3692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        6⤵
        Program crash
        
        PID:2152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        5⤵
        Program crash
        
        PID:1592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11909.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31833.exe
        8⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29329.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        11⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        12⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36388.exe
        13⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
        13⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        12⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        10⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        9⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8568.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57524.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64028.exe
        11⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        12⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
        13⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 236
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
        11⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45709.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39044.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35967.exe
        10⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        12⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14509.exe
        13⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        13⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        12⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        11⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55571.exe
        10⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
        11⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        12⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 216
        12⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        11⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        10⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
        11⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28744.exe
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 236
        12⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 236
        11⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        9⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        8⤵
        Program crash
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        Program crash
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15496.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        9⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
        10⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42849.exe
        11⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        11⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        10⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        8⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        8⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        9⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        10⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 212
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        10⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 220
        9⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        7⤵
        Program crash
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        6⤵
        Program crash
        
        PID:3036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 236
        5⤵
        Program crash
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        11⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
        12⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 220
        12⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        8⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43534.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        10⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        11⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
        11⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        10⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        8⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        7⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
        6⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63592.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        9⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46619.exe
        10⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 220
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        10⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        8⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
        7⤵
        
        PID:4104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        5⤵
        Program crash
        
        PID:2264
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:628
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        8⤵
        Executes dropped EXE
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        11⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        12⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        13⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        13⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 220
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        11⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
        9⤵
        Program crash
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        11⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21292.exe
        12⤵
        
        PID:12136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58770.exe
        13⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        12⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        8⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        11⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        12⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        13⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
        12⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        11⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13554.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9752.exe
        10⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-611.exe
        11⤵
        
        PID:12100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        12⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
        11⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        8⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
        7⤵
        Program crash
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2014.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        11⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        12⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        13⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        11⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46773.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31493.exe
        10⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 220
        11⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 220
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65283.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33582.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
        10⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        11⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        12⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        11⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        7⤵
        Program crash
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60426.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44156.exe
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
        12⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
        13⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 236
        13⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        11⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20891.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6370.exe
        10⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        11⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        11⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24805.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35530.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
        11⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        12⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 220
        12⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 220
        8⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23833.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        9⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57288.exe
        10⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
        11⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 236
        11⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
        8⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        Program crash
        
        PID:3212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35756.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53159.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48640.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32829.exe
        10⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28038.exe
        11⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 236
        11⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 220
        10⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        7⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30192.exe
        8⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
        9⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29470.exe
        10⤵
        
        PID:11624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        11⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 220
        10⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        9⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        8⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        7⤵
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        6⤵
        Program crash
        
        PID:1228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 220
        5⤵
        Program crash
        
        PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47256.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44706.exe
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        11⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60768.exe
        12⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
        13⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 220
        13⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        12⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 220
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43726.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14119.exe
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62579.exe
        11⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        12⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 220
        12⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 220
        11⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34265.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38638.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
        11⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11904.exe
        12⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
        11⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        9⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
        10⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        11⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
        11⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        9⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        8⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        7⤵
        Program crash
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2985.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        11⤵
        
        PID:11280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        12⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11280 -s 216
        12⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        11⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
        10⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        9⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19661.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        10⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        11⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 216
        11⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        10⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 220
        9⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        8⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        7⤵
        Program crash
        
        PID:3476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 408 -s 240
        6⤵
        Program crash
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19422.exe
        10⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        11⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        12⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
        12⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        8⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        9⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
        10⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
        11⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        10⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        9⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
        6⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        8⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
        9⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10317.exe
        10⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        11⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 216
        11⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
        10⤵
        
        PID:11924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        9⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        8⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
        7⤵
        Program crash
        
        PID:3556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        6⤵
        Program crash
        
        PID:2052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        5⤵
        Program crash
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11525.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58252.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64028.exe
        10⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52277.exe
        11⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
        11⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
        10⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
        9⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        10⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28705.exe
        11⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
        10⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        9⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        8⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        7⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 200
        10⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        9⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        8⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        7⤵
        
        PID:5016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        6⤵
        Program crash
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53756.exe
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44515.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 220
        11⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 220
        10⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        9⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        8⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        7⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        6⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        8⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        9⤵
        
        PID:11552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12944.exe
        10⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
        9⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        8⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        7⤵
        
        PID:6736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        6⤵
        
        PID:4744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        5⤵
        Program crash
        
        PID:1976
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
      4⤵
      Program crash
      PID:880
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1552
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
  2⤵
  - Program crash
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11735.exe

Filesize
184KB

MD5
4021d2d64b9c22c7c382f907577a7807

SHA1
5b8d1b555080567944d030218e5d5f6502cbaa89

SHA256
7fd36b1ee4b4179bce4694d955d40dba8bf30eb554fbe954d8a14c124b870195

SHA512
212228709158d4c4ce3bcf203bb78c89c876495938d2f3ff635d7d414e9c15c13794e73799b182ff8dd8631c8ee1767ad89c4d6306f1cbce24bad5f51e916ee8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe

Filesize
184KB

MD5
5fcc3379f027d8e927e6456bd89b5ebe

SHA1
7c56829bdeeec791b139c962a0f4f968ec58e948

SHA256
84f4158a5555ca591d2e9becd8587b091013aeff222a12c1846bc66a497a8eed

SHA512
6c686c46e9329ce001a6b1d476a2f6e303256b2866992c5cf55bb92b8bed47c89f764e1677cc36c22afb4181b08dd536280ffa20a4c89081efdbcb96995a9a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39875.exe

Filesize
184KB

MD5
709917d96b67efbe600f74f53c097e43

SHA1
03ea3b2a06af5a08d6aa0e84cab458e4bf88ec27

SHA256
f64ad2bbfefe26be94702f335b4fa58b9db7083f42342b70f01e18395d69a40b

SHA512
8e7be079e1655a1a7b7c04262c961778453afcd26ccc0af51b889c0779ea12f86507b3e6fc9c1f03e55af6f64523f7dbbd95655e8380397b953313b81cefba31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe

Filesize
184KB

MD5
54ac9344564e2fa3b19f9555d3909d17

SHA1
c51be13b8077fe488565e41d0dee84d178f3726e

SHA256
943205c98103aab451280aa6657ffa73186d4ef3e951ef3bda096d5ae577a0b7

SHA512
6be2fcfcc698795e7e9b556b51d3c75e138c6d704c0c369c1bec5b6abf487d8c100027f4dabd2255f49c0a6327a938ae5f9493e7a76e6b0c399ba5484d98a689

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe

Filesize
184KB

MD5
a472fef5cbcf791138660f6005637fab

SHA1
abe11b7102a11aca64538be8e835b2eef44d3338

SHA256
baa6acb326fe74866c84b12ec18a17cd36e78f569be019aceea6db36e7146827

SHA512
6c7641e4cffa740ea3a80ab1d75c414fe74f139bd64d7c746381110c353cad6f2d784d17902f82a9488b7b260fe4d93a29ecbf0d170950e2d75f8f96724bc44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe

Filesize
184KB

MD5
a693a4cd265f88236e72d76421b1354b

SHA1
0aac4b1727fe3ef5bbf8ec9372ab2c6a2da40f95

SHA256
9ac796d4d8995fe5d2eaad05d4e04ecb8b55c88f9fb73c91397f6818430191c5

SHA512
cec0a92f47da5c35441196503b9d1df6669d0597a1f0abcd6f79daf5a9589c9afe4530084b288b5aead80af0ef296c007a2acde9ef8e76874c5b3d239b16c881

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe

Filesize
184KB

MD5
df76771fd68ca97263c03d6cb35ae620

SHA1
974b7450cda6d706bec70ce4b4f165b89efcb336

SHA256
160e9fa55c3e687b27278b25c9370cc6ddc6aebfd8d54a02443853350c34cc20

SHA512
0598c9a5c163ef659add2b8e2b9874d6ef486287b4d85e5b26799cae9cf582785861060fbb99b9f296b0249f482042055cf0c5a4e4b847f1f428c96ea3ad1bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55188.exe

Filesize
184KB

MD5
76eb4746b32114ba595d3d620420d061

SHA1
cbc0435885600aadb139e752acd1a75dbf24bb03

SHA256
15e665cabffc8e59d72a1895ebcbc90ff478bac152b23ad80b326c5e43680acf

SHA512
c53065ba078ce086391cf69772070e0fe993f7626d6cf6ed2e7c534dd8e51ddc8e15702fb978ca00afb145f703d89be8a466b060c32b17700a122cc6967eef89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe

Filesize
184KB

MD5
e52a736a921b337fa5dbe2ac7a4d9a18

SHA1
87903be848035c9cc46e68da2c971274616ad7e4

SHA256
9cdc456a6ea2743248d1c8898bb710c189f1f1709eb8aa72fc1aebe585363a90

SHA512
542bda6598440a6c9446041064b0fa2246e92bc6b564108805164a4cd199f3daf258a306f33d8b4c9b3a5f5b52788ff9e31b86f7214399ff8aa6dc6a81086c8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe

Filesize
184KB

MD5
b46a3d23a15291bb043c66e309032dca

SHA1
14ec9e62524cfa0124f83fe06642720ce5f94d82

SHA256
9e50218e1cebd39a2fd4dbf2d7c28f79d84956b20f77e24fabcb9cf02fbf009f

SHA512
fdc508c4df2aa81eb16f250901baa065358135e82ffffb86dda37a491ebf11a9a2107e968257d1f64f7667c834caadb7b5fcbc93526e1afcce2d334464340dd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe

Filesize
184KB

MD5
8181905512bd35ad2217de3af3906499

SHA1
c99cdb6fdea8b4411a84f097b03ffff729e72942

SHA256
92451cfe103cd5de904778d5679c8a838bd97505d6eee1d1c3dab13023dac268

SHA512
cd27d9709cf4aa0d5d835ff758af9881cc1641c941f994c2bdc0df9a1314ae91fec56ed0303b5ec8c166b5e3e9cd1026d475dad3dad5aa657dd9918f1da9d583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe

Filesize
184KB

MD5
e987f3c3f27f9fbe592596605d48b21d

SHA1
2586ac5b9b6f5f04490a0f10f36943bbe20d8477

SHA256
9cb79153b2950004217f6a7b928ce95d4189f398d5f08da5506801af236186e5

SHA512
16ed4026a0738b81c45f7cd79350c96bdbe61084d60788a0ef22293ecd703cc6f40408f2b2fd2c4a41c8e6cd121e948e9647b871a73129e7b890ef55ac36616a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe

Filesize
184KB

MD5
81a3a73bdce5c8dc2a7c0ad5760b4ecd

SHA1
e91b80d1da9f9876271774c8696eea779d640611

SHA256
efd75fa4d97c0a21ea9c33b6bb04b8146c5c40acc832ef4932c9cda3780ac813

SHA512
e312b79310c99300fc7a1f2d3fa19842c942168002c6d47b66119fb95f2edb25e4ad186858e2012e512f4286c71eb29e520237870814fdf3a2675fa1c75240ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe

Filesize
184KB

MD5
8a0472f468ea4f9c38dfe5f17755a575

SHA1
fec1278372da181db58df69d0e7ad8bcf9d2fc9f

SHA256
1deba68df0d616e647822fc7982774f768d5ccd133fdf645ea3be6a2c894ca95

SHA512
1548287d3dd1ece9c42f8319fba3e631fa9e0a39bad4d7bc7fff2f5eba5c207d9e8433c183f0b3b24a43cba92ce232a78d2bdfcebaea6c9fbbecf181455cd023

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe

Filesize
184KB

MD5
bf57d7b49ae8769a91a0d0d95257bcf7

SHA1
728fdfc31bba61c5f9291699e7c9e849ab794c2b

SHA256
3028a01dab6667f62786b16cc27ced88f1be4553a0a395d4958b85f4e523cc38

SHA512
a33b792cd10067938f3a444d16100f7f267451664a207e4cecf6c13e74ee270b802eb76f21f7e9c9384dbb6252f61582acebb5dcdd5c5cc5c5ffcff861211d56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe

Filesize
184KB

MD5
edfdac3ca5e4c078ae68053ee567fb88

SHA1
cf9b026c41d7ba001d08bbf0f5e55472f5da3957

SHA256
62da1e426e1e28b112d95c793fd305b35017aad65864cbed6decf850d3c5cc6a

SHA512
b0c6c136250bb61fbe4d9f89e66dacd75c02e55fca6b981b26229cf732f3ce1c1562f2cbc759e326940dcb3ae4147e3bb6a23a35c6ec903cb8536bdd267807c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe

Filesize
184KB

MD5
3e1d93163b181d66c0f89817c9340cf4

SHA1
8efbe53527086d9372f193afdb156f9b8caa69ce

SHA256
755141152164dba9fe33769695a89ba5af7d0a41b8e0375acd874c08d6588827

SHA512
fbdd5d0c1ac0bd62279a546b25d35d98161b224eaaca506c524c8915f61269ea2b6664f995fbad1502b4faa0cf2d08b4d848f9ddff0df08249cd577f889cbb33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe

Filesize
184KB

MD5
18d167d46dd4c38e75c90729c391b60e

SHA1
ff05fd9ac0d3aa0ffbfab6da73c6cb7b335f22c4

SHA256
1b2bbaaf081ca804cd8493f8e8027d408e9ca0a55d3a36a9dab632360388dd17

SHA512
1a95fb2088de32720ba8c5128bea07911e554c65e6aea04aef77a82ebdd7269c04b1ae395046158d06e171d0d500554d197ba3600bdd2d6e9b2eadfa703b1264

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe

Filesize
184KB

MD5
d4de60559d26fc4824e927d35e43bbc1

SHA1
a36292cb3802880732c5f2c5a02542a4ba13f852

SHA256
79f089e64592e0ffa75b615a6f65ea02841a3263c77c38a3cd2b36c44a7b4c23

SHA512
308f15d769c218054a33d659ca6da6caa75874234877e867e6378863bcd13b1acdd0d60f8cb393a27129b6478fbd72d76af470e52b1839266f8bf05d983c46cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57407.exe

Filesize
184KB

MD5
e65f093e1f2e65657326bb7d7def35db

SHA1
eeb24124884951d744ab06640d7334b2375a35b8

SHA256
df844a142494c4594e8464c6d3c8c6c1dea6817ac325a94cdbd868b4dc1ad539

SHA512
cb8fc84ca5371952abfd81fa21bab1f0d9cffc28ac2d8059c83cd6d1f017a9d12532105f546a010b6403d7b261eeb4b37439695d8b200d3cf3de540bcbf29673

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe

Filesize
184KB

MD5
9f45d3dc0148b1817b8b1c1a7705b85a

SHA1
6f41af8e4a89e5b65e10c9b0cdc8f44482e8861d

SHA256
b067735d8033defb770275aef7e1ecd0a51fa4f062e6e9f5e18cd32355bfa908

SHA512
fec5ae253db91c4eeccfac26ab244a465e05103add48ec0efe6fd474b65f636de2b85de30f744025a935951d3ddec1efd0a88c6e7ff12ceec9d6a5340fed3b77

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads