f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
Size

184KB
MD5

12ae9049ca3865a83c814ca08450f028
SHA1

a437bcebc45910cbf7aed7eeea45f9127ec0d244
SHA256

f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928
SHA512

c860ca1d05c33ac6d90ff8dbba55d682495e029d9316336110d3d13f5eb844452da347ae6a9d34a3b0fe5f9a07f4d46987c325d2334f96911e5ad0a449c51a06
SSDEEP

1536:SHZY6jZuZZP8o5x1/KSAlvwMjM9yvBc8Z8ddcILR2OQptlhl5hj5nizpCh:wZMZP8ofJKSudjaW2yILR6/lhlnViFW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2928	Unicorn-27217.exe
3064	Unicorn-33839.exe
2856	Unicorn-13973.exe
2868	Unicorn-30344.exe
2500	Unicorn-9601.exe
2756	Unicorn-29467.exe
1568	Unicorn-60785.exe
2964	Unicorn-11776.exe
2168	Unicorn-56379.exe
1900	Unicorn-57448.exe
2812	Unicorn-43873.exe
1684	Unicorn-53053.exe
2296	Unicorn-1584.exe
1648	Unicorn-53930.exe
1232	Unicorn-37594.exe
480	Unicorn-24272.exe
692	Unicorn-60474.exe
636	Unicorn-57137.exe
1636	Unicorn-59867.exe
2140	Unicorn-30764.exe
240	Unicorn-50630.exe
1876	Unicorn-42689.exe
1624	Unicorn-46219.exe
900	Unicorn-27614.exe
2364	Unicorn-12970.exe
1512	Unicorn-43374.exe
2188	Unicorn-62363.exe
1620	Unicorn-47096.exe
2544	Unicorn-26161.exe
2116	Unicorn-47096.exe
2348	Unicorn-53972.exe
2824	Unicorn-40650.exe
3052	Unicorn-40650.exe
2196	Unicorn-11315.exe
2780	Unicorn-60708.exe
2468	Unicorn-60132.exe
2464	Unicorn-8471.exe
2472	Unicorn-60324.exe
1828	Unicorn-59748.exe
928	Unicorn-40951.exe
2684	Unicorn-43604.exe
2560	Unicorn-56904.exe
1656	Unicorn-26692.exe
1460	Unicorn-60433.exe
1848	Unicorn-39690.exe
1584	Unicorn-7895.exe
1716	Unicorn-27761.exe
1108	Unicorn-64836.exe
1284	Unicorn-21853.exe
576	Unicorn-37613.exe
1056	Unicorn-34275.exe
1420	Unicorn-4748.exe
1976	Unicorn-1712.exe
1528	Unicorn-1712.exe
1452	Unicorn-7353.exe
1920	Unicorn-40218.exe
2360	Unicorn-53217.exe
1612	Unicorn-56362.exe
2416	Unicorn-7161.exe
3048	Unicorn-20160.exe
2656	Unicorn-20160.exe
2844	Unicorn-20160.exe
2576	Unicorn-65023.exe
2752	Unicorn-23114.exe

Loads dropped DLL 64 IoCs

pid	Process
3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
2928	Unicorn-27217.exe
2928	Unicorn-27217.exe
3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
3064	Unicorn-33839.exe
3064	Unicorn-33839.exe
2856	Unicorn-13973.exe
2856	Unicorn-13973.exe
2928	Unicorn-27217.exe
2928	Unicorn-27217.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2868	Unicorn-30344.exe
2868	Unicorn-30344.exe
2756	Unicorn-29467.exe
3064	Unicorn-33839.exe
2856	Unicorn-13973.exe
2756	Unicorn-29467.exe
3064	Unicorn-33839.exe
2856	Unicorn-13973.exe
2500	Unicorn-9601.exe
2500	Unicorn-9601.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe
3060	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
2972	WerFault.exe
3060	WerFault.exe
2972	WerFault.exe
1568	Unicorn-60785.exe
1568	Unicorn-60785.exe
2868	Unicorn-30344.exe
2868	Unicorn-30344.exe
2168	Unicorn-56379.exe
2168	Unicorn-56379.exe
2812	Unicorn-43873.exe
2812	Unicorn-43873.exe
2500	Unicorn-9601.exe
2500	Unicorn-9601.exe
2964	Unicorn-11776.exe
2964	Unicorn-11776.exe
2756	Unicorn-29467.exe
2756	Unicorn-29467.exe
1820	WerFault.exe
1820	WerFault.exe
1820	WerFault.exe
1820	WerFault.exe
1820	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2660	3044	WerFault.exe	27
2536	2928	WerFault.exe	28
3060	3064	WerFault.exe	29
2972	2856	WerFault.exe	30
1820	2868	WerFault.exe	32
1924	2756	WerFault.exe	33
2340	2500	WerFault.exe	34
2912	1568	WerFault.exe	36
3000	2168	WerFault.exe	39
3024	1900	WerFault.exe	38
1532	2812	WerFault.exe	40
2564	2964	WerFault.exe	37
1256	1684	WerFault.exe	43
1744	2296	WerFault.exe	44
1008	1648	WerFault.exe	45
1728	1232	WerFault.exe	46
2132	480	WerFault.exe	47
840	692	WerFault.exe	48
1664	636	WerFault.exe	49
2336	1636	WerFault.exe	53
932	240	WerFault.exe	55
1644	2140	WerFault.exe	54
536	1876	WerFault.exe	56
2352	1624	WerFault.exe	57
1560	900	WerFault.exe	58
1856	2364	WerFault.exe	59
1064	2188	WerFault.exe	61
1576	2116	WerFault.exe	63
2924	1512	WerFault.exe	60
1772	2544	WerFault.exe	64
2152	1620	WerFault.exe	62
2708	1056	WerFault.exe	97
688	2416	WerFault.exe	105
2700	2196	WerFault.exe	73
2532	3052	WerFault.exe	70
2528	2348	WerFault.exe	69
1304	2824	WerFault.exe	71
3088	1828	WerFault.exe	78
3112	2780	WerFault.exe	74
3136	2472	WerFault.exe	77
3128	2468	WerFault.exe	75
3184	2560	WerFault.exe	81
3200	1584	WerFault.exe	85
3208	1716	WerFault.exe	86
3232	928	WerFault.exe	79
3272	1848	WerFault.exe	84
3296	2464	WerFault.exe	76
3312	2684	WerFault.exe	80
3328	1460	WerFault.exe	83
3352	1656	WerFault.exe	82
3664	1108	WerFault.exe	89
3960	1284	WerFault.exe	91
3336	1528	WerFault.exe	100
3432	1920	WerFault.exe	102
3540	1452	WerFault.exe	101
3572	1420	WerFault.exe	98
3580	1752	WerFault.exe	116
3692	2476	WerFault.exe	115
3964	2752	WerFault.exe	110
4064	2624	WerFault.exe	112
4048	2656	WerFault.exe	106
4348	1612	WerFault.exe	104
4472	576	WerFault.exe	93
4524	2844	WerFault.exe	108

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
2928	Unicorn-27217.exe
3064	Unicorn-33839.exe
2856	Unicorn-13973.exe
2868	Unicorn-30344.exe
2500	Unicorn-9601.exe
2756	Unicorn-29467.exe
1568	Unicorn-60785.exe
2168	Unicorn-56379.exe
1900	Unicorn-57448.exe
2812	Unicorn-43873.exe
2964	Unicorn-11776.exe
1684	Unicorn-53053.exe
2296	Unicorn-1584.exe
1648	Unicorn-53930.exe
1232	Unicorn-37594.exe
480	Unicorn-24272.exe
692	Unicorn-60474.exe
636	Unicorn-57137.exe
1636	Unicorn-59867.exe
2140	Unicorn-30764.exe
240	Unicorn-50630.exe
1876	Unicorn-42689.exe
1624	Unicorn-46219.exe
900	Unicorn-27614.exe
2364	Unicorn-12970.exe
1512	Unicorn-43374.exe
2188	Unicorn-62363.exe
1620	Unicorn-47096.exe
2544	Unicorn-26161.exe
2116	Unicorn-47096.exe
2348	Unicorn-53972.exe
2824	Unicorn-40650.exe
3052	Unicorn-40650.exe
2196	Unicorn-11315.exe
2780	Unicorn-60708.exe
2468	Unicorn-60132.exe
2464	Unicorn-8471.exe
2472	Unicorn-60324.exe
1828	Unicorn-59748.exe
928	Unicorn-40951.exe
2684	Unicorn-43604.exe
2560	Unicorn-56904.exe
1656	Unicorn-26692.exe
1460	Unicorn-60433.exe
1848	Unicorn-39690.exe
1584	Unicorn-7895.exe
1716	Unicorn-27761.exe
1108	Unicorn-64836.exe
1284	Unicorn-21853.exe
576	Unicorn-37613.exe
1056	Unicorn-34275.exe
1420	Unicorn-4748.exe
1528	Unicorn-1712.exe
1976	Unicorn-1712.exe
1452	Unicorn-7353.exe
1920	Unicorn-40218.exe
1612	Unicorn-56362.exe
2844	Unicorn-20160.exe
2416	Unicorn-7161.exe
2656	Unicorn-20160.exe
2828	Unicorn-23114.exe
2576	Unicorn-65023.exe
2752	Unicorn-23114.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2928	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	28
PID 3044 wrote to memory of 2928	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	28
PID 3044 wrote to memory of 2928	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	28
PID 3044 wrote to memory of 2928	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	28
PID 2928 wrote to memory of 3064	2928	Unicorn-27217.exe	29
PID 2928 wrote to memory of 3064	2928	Unicorn-27217.exe	29
PID 2928 wrote to memory of 3064	2928	Unicorn-27217.exe	29
PID 2928 wrote to memory of 3064	2928	Unicorn-27217.exe	29
PID 3044 wrote to memory of 2856	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	30
PID 3044 wrote to memory of 2856	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	30
PID 3044 wrote to memory of 2856	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	30
PID 3044 wrote to memory of 2856	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	30
PID 3044 wrote to memory of 2660	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	31
PID 3044 wrote to memory of 2660	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	31
PID 3044 wrote to memory of 2660	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	31
PID 3044 wrote to memory of 2660	3044	f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe	31
PID 3064 wrote to memory of 2868	3064	Unicorn-33839.exe	32
PID 3064 wrote to memory of 2868	3064	Unicorn-33839.exe	32
PID 3064 wrote to memory of 2868	3064	Unicorn-33839.exe	32
PID 3064 wrote to memory of 2868	3064	Unicorn-33839.exe	32
PID 2856 wrote to memory of 2756	2856	Unicorn-13973.exe	33
PID 2856 wrote to memory of 2756	2856	Unicorn-13973.exe	33
PID 2856 wrote to memory of 2756	2856	Unicorn-13973.exe	33
PID 2856 wrote to memory of 2756	2856	Unicorn-13973.exe	33
PID 2928 wrote to memory of 2500	2928	Unicorn-27217.exe	34
PID 2928 wrote to memory of 2500	2928	Unicorn-27217.exe	34
PID 2928 wrote to memory of 2500	2928	Unicorn-27217.exe	34
PID 2928 wrote to memory of 2500	2928	Unicorn-27217.exe	34
PID 2928 wrote to memory of 2536	2928	Unicorn-27217.exe	35
PID 2928 wrote to memory of 2536	2928	Unicorn-27217.exe	35
PID 2928 wrote to memory of 2536	2928	Unicorn-27217.exe	35
PID 2928 wrote to memory of 2536	2928	Unicorn-27217.exe	35
PID 2868 wrote to memory of 1568	2868	Unicorn-30344.exe	36
PID 2868 wrote to memory of 1568	2868	Unicorn-30344.exe	36
PID 2868 wrote to memory of 1568	2868	Unicorn-30344.exe	36
PID 2868 wrote to memory of 1568	2868	Unicorn-30344.exe	36
PID 2756 wrote to memory of 2964	2756	Unicorn-29467.exe	37
PID 2756 wrote to memory of 2964	2756	Unicorn-29467.exe	37
PID 2756 wrote to memory of 2964	2756	Unicorn-29467.exe	37
PID 2756 wrote to memory of 2964	2756	Unicorn-29467.exe	37
PID 3064 wrote to memory of 1900	3064	Unicorn-33839.exe	38
PID 3064 wrote to memory of 1900	3064	Unicorn-33839.exe	38
PID 3064 wrote to memory of 1900	3064	Unicorn-33839.exe	38
PID 3064 wrote to memory of 1900	3064	Unicorn-33839.exe	38
PID 2856 wrote to memory of 2168	2856	Unicorn-13973.exe	39
PID 2856 wrote to memory of 2168	2856	Unicorn-13973.exe	39
PID 2856 wrote to memory of 2168	2856	Unicorn-13973.exe	39
PID 2856 wrote to memory of 2168	2856	Unicorn-13973.exe	39
PID 2500 wrote to memory of 2812	2500	Unicorn-9601.exe	40
PID 2500 wrote to memory of 2812	2500	Unicorn-9601.exe	40
PID 2500 wrote to memory of 2812	2500	Unicorn-9601.exe	40
PID 2500 wrote to memory of 2812	2500	Unicorn-9601.exe	40
PID 3064 wrote to memory of 3060	3064	Unicorn-33839.exe	41
PID 3064 wrote to memory of 3060	3064	Unicorn-33839.exe	41
PID 3064 wrote to memory of 3060	3064	Unicorn-33839.exe	41
PID 3064 wrote to memory of 3060	3064	Unicorn-33839.exe	41
PID 2856 wrote to memory of 2972	2856	Unicorn-13973.exe	42
PID 2856 wrote to memory of 2972	2856	Unicorn-13973.exe	42
PID 2856 wrote to memory of 2972	2856	Unicorn-13973.exe	42
PID 2856 wrote to memory of 2972	2856	Unicorn-13973.exe	42
PID 1568 wrote to memory of 1684	1568	Unicorn-60785.exe	43
PID 1568 wrote to memory of 1684	1568	Unicorn-60785.exe	43
PID 1568 wrote to memory of 1684	1568	Unicorn-60785.exe	43
PID 1568 wrote to memory of 1684	1568	Unicorn-60785.exe	43

C:\Users\Admin\AppData\Local\Temp\f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe
"C:\Users\Admin\AppData\Local\Temp\f5feecd4bb3f620a9f6c334b1cb6baf7c2eb86e6888a39f5226794a6789c5928.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53972.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30395.exe
        10⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
        11⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34687.exe
        12⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        13⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        14⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
        15⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        16⤵
        
        PID:13472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11636 -s 216
        16⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
        15⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
        14⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        13⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        12⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
        11⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
        12⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        13⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        14⤵
        
        PID:11544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6550.exe
        15⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11544 -s 216
        15⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
        14⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        13⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        12⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 220
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        11⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        12⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
        13⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        14⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
        14⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 236
        13⤵
        
        PID:11020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        12⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        11⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        10⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        9⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        10⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14474.exe
        11⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44452.exe
        12⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
        13⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        14⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 236
        14⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        12⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        11⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27890.exe
        12⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        13⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 220
        13⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        12⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 240
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        9⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63057.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        11⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
        12⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19075.exe
        13⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1744.exe
        14⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        15⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        14⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        13⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        12⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        11⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15432.exe
        11⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        12⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        13⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        13⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        12⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        11⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        10⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42615.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        10⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        12⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        13⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        14⤵
        
        PID:13788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
        13⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        12⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        11⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        9⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        8⤵
        Program crash
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        12⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
        13⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
        14⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
        15⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 220
        14⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
        13⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8895.exe
        10⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
        12⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
        13⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 236
        13⤵
        
        PID:13244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        12⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        13⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 236
        13⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
        12⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        10⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        9⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26097.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27427.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        11⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
        12⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25719.exe
        13⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
        13⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 220
        12⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        9⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        8⤵
        Program crash
        
        PID:1304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        7⤵
        Program crash
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30764.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11315.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
        10⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51215.exe
        11⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
        12⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        13⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        14⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        15⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11680 -s 216
        15⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        14⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        13⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        12⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        11⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13704.exe
        11⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        12⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        13⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
        14⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 220
        13⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 220
        12⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
        11⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        10⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45413.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        13⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        13⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        12⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 220
        9⤵
        Program crash
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
        11⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35987.exe
        12⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        13⤵
        
        PID:12156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
        14⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 220
        13⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        12⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        11⤵
        
        PID:8928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        12⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        13⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
        12⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        10⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        8⤵
        Program crash
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        8⤵
        Program crash
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        7⤵
        Program crash
        
        PID:1644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        6⤵
        Program crash
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        8⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37655.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        11⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59252.exe
        12⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
        13⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        14⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        14⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        13⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        12⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        13⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        12⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64567.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
        12⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19510.exe
        13⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 216
        13⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
        11⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
        12⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37924.exe
        13⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
        13⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 236
        12⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
        11⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
        7⤵
        Program crash
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        10⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
        12⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        13⤵
        
        PID:11492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
        14⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11492 -s 216
        14⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        12⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22880.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        11⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
        12⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        13⤵
        
        PID:13340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11744 -s 220
        13⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 236
        12⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        11⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42506.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        9⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61945.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
        12⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        13⤵
        
        PID:14032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
        12⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        10⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        8⤵
        Program crash
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62372.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        11⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
        12⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        13⤵
        
        PID:13608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12128 -s 216
        13⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        12⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        11⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38832.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        11⤵
        
        PID:12064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11835.exe
        12⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12064 -s 216
        12⤵
        
        PID:14308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        9⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        8⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        Program crash
        
        PID:2532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        6⤵
        Program crash
        
        PID:1744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56362.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        8⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45299.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37783.exe
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        12⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        13⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        12⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 216
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4500.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        11⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 236
        12⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        11⤵
        
        PID:11212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        9⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        8⤵
        Program crash
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
        10⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
        11⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40527.exe
        12⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 220
        12⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25004.exe
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10715.exe
        9⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36672.exe
        10⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        11⤵
        
        PID:11912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
        12⤵
        
        PID:13848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
        11⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        10⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        9⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        8⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        7⤵
        Program crash
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
        5⤵
        Program crash
        
        PID:3024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40218.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        10⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29659.exe
        11⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        12⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36800.exe
        13⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
        14⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        14⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        13⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        12⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        11⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28817.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        11⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        12⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
        13⤵
        
        PID:13080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        12⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12616.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        11⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        12⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3299.exe
        13⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 236
        13⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        10⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        9⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42625.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41402.exe
        10⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        11⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27902.exe
        12⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
        13⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
        14⤵
        
        PID:14168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        12⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
        11⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        11⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        12⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54259.exe
        13⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11876 -s 216
        13⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:9976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 220
        9⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        8⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
        7⤵
        Executes dropped EXE
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        11⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        12⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
        13⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
        13⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        12⤵
        
        PID:10988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6793.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42417.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51440.exe
        10⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
        11⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40766.exe
        12⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 236
        12⤵
        
        PID:13640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
        11⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        8⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        Program crash
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31848.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        11⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        12⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        13⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
        13⤵
        
        PID:14244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        12⤵
        
        PID:11920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        11⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
        12⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 236
        12⤵
        
        PID:13672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        11⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        10⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        7⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        10⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
        11⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11464 -s 216
        12⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        11⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 240
        10⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
        7⤵
        Program crash
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62683.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56532.exe
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        10⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
        11⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 236
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 236
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        10⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        10⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
        11⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 216
        11⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        10⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        9⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        8⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        7⤵
        
        PID:4672
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        6⤵
        Program crash
        
        PID:2924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        5⤵
        Program crash
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2429.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30417.exe
        11⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        12⤵
        
        PID:12972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 236
        12⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 236
        11⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        8⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        7⤵
        Program crash
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61936.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        10⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        11⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37009.exe
        12⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 236
        12⤵
        
        PID:13452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        10⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
        9⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        7⤵
        Program crash
        
        PID:3692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        6⤵
        Program crash
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18200.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60867.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        10⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
        11⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42972.exe
        12⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11308 -s 216
        12⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 236
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        10⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        9⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43290.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
        10⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58583.exe
        11⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
        11⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        10⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        9⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        8⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        7⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        6⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16398.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50257.exe
        9⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22992.exe
        10⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56500.exe
        11⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
        11⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        10⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        9⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
        8⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
        7⤵
        
        PID:4388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        6⤵
        Program crash
        
        PID:3184
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
        5⤵
        Program crash
        
        PID:2132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57567.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52655.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
        13⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        14⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11456 -s 216
        14⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        12⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        9⤵
        Program crash
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        8⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
        11⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
        12⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        13⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
        13⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        12⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
        10⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 216
        9⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        8⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19776.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2548.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61251.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9417.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1383.exe
        11⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18060.exe
        12⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26335.exe
        13⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
        13⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        12⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 236
        9⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        8⤵
        Program crash
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        Program crash
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58386.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        8⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
        10⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18797.exe
        11⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        12⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11608 -s 216
        12⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        11⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
        10⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        9⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        8⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        6⤵
        Program crash
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48184.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        11⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        12⤵
        
        PID:12184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        13⤵
        
        PID:14076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
        12⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        11⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42070.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42884.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1580.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        11⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
        12⤵
        
        PID:13436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        11⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        9⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        7⤵
        Program crash
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15896.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        11⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        12⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 236
        12⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
        8⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        7⤵
        Program crash
        
        PID:3580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        6⤵
        Program crash
        
        PID:1772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        5⤵
        Program crash
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57137.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60433.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        10⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7436.exe
        11⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        12⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        13⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 220
        13⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25241.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
        11⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        12⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        12⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        11⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        10⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 220
        8⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        7⤵
        Program crash
        
        PID:3328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        6⤵
        Program crash
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39642.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35029.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 188
        11⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        9⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19129.exe
        10⤵
        
        PID:10684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49277.exe
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
        11⤵
        
        PID:14332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
        10⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        9⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        8⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        7⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23119.exe
        9⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
        10⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
        11⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
        11⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
        10⤵
        
        PID:11192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        9⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
        8⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        7⤵
        
        PID:4196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        6⤵
        Program crash
        
        PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        5⤵
        Program crash
        
        PID:1664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59874.exe
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        10⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6758.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        12⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
        12⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        11⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        10⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        8⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        7⤵
        Program crash
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        6⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        10⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
        11⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        12⤵
        
        PID:14132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 220
        10⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        9⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 216
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        7⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 240
        8⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        7⤵
        
        PID:4576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        6⤵
        Program crash
        
        PID:3296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        5⤵
        Program crash
        
        PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27614.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        7⤵
        Program crash
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60867.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        9⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        10⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        11⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
        11⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        10⤵
        
        PID:10776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        8⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
        7⤵
        
        PID:4632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        6⤵
        Program crash
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65096.exe
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
        9⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2451.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
        11⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        10⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        9⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        8⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57914.exe
        6⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60258.exe
        7⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1551.exe
        8⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52145.exe
        9⤵
        
        PID:10168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        10⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        9⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        8⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        7⤵
        
        PID:6292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        6⤵
        Program crash
        
        PID:4524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        5⤵
        Program crash
        
        PID:1560
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
      4⤵
      Program crash
      PID:3000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
  2⤵
  - Program crash
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe

Filesize
184KB

MD5
95900df51af91b20ebc25d8052cf4c36

SHA1
54600e547ee1c8bc84370ff5a7149c0e701ee1dd

SHA256
f59d22321c01c09ac7dfefa60455a7316290aa96d56e7ab71a1082ec8ef5069b

SHA512
cc2d0bdaa98e37cc630de896cc17542ff4edb3940574a25e2255ffcea0db717eced955acaf1d99864f9164010295fa50c0c626a957e97c867f4274dae6a3db37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe

Filesize
184KB

MD5
a247eb87542954bf036039614384f815

SHA1
47b83e221265ecd16be3798bb333ab9c4a331881

SHA256
294810fa0abb70d08a978619eb30a298063b603de0c95f3712f2b65a939bdec9

SHA512
2c706d8e2b5939da74d5a7530c2f8b6636273cb9d3878e737284759c33a1bcb111b19a32c2c26b2cf1e72c0e78b8ebc5a1280bb145f2efc6cec9ab61fb6e58ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe

Filesize
184KB

MD5
7473d195d5a975c0384b58c5bce991ed

SHA1
481b315cbd504e06cbb9f71b36d5639a5038da96

SHA256
67dda6dd7cf56f937eeb01fec0a0e59bb9dc15549ae96f9cc54a66ac76bcc3fc

SHA512
df63e8d0b75d99fa23785158946349a5b5e654a7b0adc5875a2701b9613b63bc11e59b6b62065d85f5c603138fda462d03454ea8c3b5fbe8813e6c58412b4971

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe

Filesize
184KB

MD5
8eb89e86af156a38c509f02be0d2715e

SHA1
d32ccd981d86d0299e2642f9602f26bce5618979

SHA256
61cc9e0bd5fbed775ce4a5e2080ca97fc32397bdfad5d4601a60f240abf37127

SHA512
219f77d5e8ec26a499057ff792d0eb0ba266a5e67ec2a06424dcda9edc928070d47a146c944e5f5fc42c932880cbb87c417b57334368f28d909a351b903a8c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe

Filesize
184KB

MD5
a521a07a36fc350968c57cf8057fba98

SHA1
25470590a8e4b73213018ee774912d5655dc6d21

SHA256
9896acc90865ff135abb57bbfc23255c9bc1f2a8807eba0a5d58abbb8c8fd63e

SHA512
ea3d8bcb6ebf01bf9db5dc87028e55128b11bc66b6cee1f7532af4c138587bf5b278c70063b653cf69746ca56cb4a94259b5d31c8eb2a284329fd7083d328c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe

Filesize
184KB

MD5
d7cb1c94d46f7662e5653ac971ccbc8c

SHA1
4262d8e83fa513d778559b467d72a11f61358700

SHA256
e6e2a5e6e36487af47ee8a429a9a30f8600dc17b71ab7708e5a6b870d5c3594c

SHA512
82c80af4c4021650da81d001f7703c0992cf95a4e3ca328182a6c51f4e8bcb1390df8459fac1e0e93b828a0c34bec1df64c4141737b53c43233681602cb8f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe

Filesize
184KB

MD5
9fe52ca6ba258c2782118502ac565ef0

SHA1
82a84ca3d9168e3b3b1383ff81b1e9b3cbdadbb5

SHA256
0c629ddc35e12d591b6247bf490da0edd3e6fe12f74c1e87e74c18b6ce37bf17

SHA512
766c14c4889ddb6ac0148b83ce9534ad319e3d34adddcc0ae7568fa532b084565e8f4b48f519da7f635cb724a400f56e3f3aeb67fe8784df1b64541cd236e941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe

Filesize
184KB

MD5
bcc8aab5cbdd1aa94e790743625da2cc

SHA1
08ced706c8e0411c364a1eca80106cbb7715095a

SHA256
dfcf447f233396cfb6a5f6e0afa2c30d71b12f7ec7fdfc997d8709b831ffdab9

SHA512
5689710209ea1aa891e95a2b7e88ed0aa2fab74a045d5de2d9e340b5bbfc28c1078612a0cdeb3961436b139bb44ad07814230176c6d6720b49d5d128181a4d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43873.exe

Filesize
184KB

MD5
db7d87f5c00458be1eb31439ddc10329

SHA1
c3bfc2ce97c51926f49e13c5a02aaa8defe9ec39

SHA256
a43c90785e22959adacae52231bffbcf60c73f134f129c6919972453c4a909b3

SHA512
a0d508c61b09cee6e35120e3a8cd5c90974ae91950a7bd3da516e5dee3ef171b4b63a4e744b2e5aef02ea2cfb977f7355cda6a0333753d36b1486af5ece3bdbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe

Filesize
184KB

MD5
7c2526757069e06b1dc7be32d7f9bf1c

SHA1
fc0af7b1dc6359ed5caabcda38baf2ea5ddf711d

SHA256
7c46e6873bd4f0854b93e4d51b58d598d0f70049051f50135ceca5abb33d7aa1

SHA512
526e737b6c0e5977ee92c58abf01d6353248d8bece7e40502bf64ddd8a965f117d3d0a2b13c3bb7017d19b63bd246477e3a8410936fc7c127be23fb234a3f912

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe

Filesize
184KB

MD5
a0c8fed20e4ba5b72a0702ed40d1cc21

SHA1
ec0300eafb827043e1944c9cde2b99fd7465f506

SHA256
d216cd89b8a4beaeda6693306464f571ed5dfc1ca0a2c40efeb6914c50d9f26e

SHA512
3b96af6f2034c4cb284699b8d5ff811c6cbbfd495f676eafe8a2e57cbfce7db31f6d1fcb45e2c4e78632dce6f1e746d9f2c17d1a3d7eb894686d7e68f608927d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe

Filesize
184KB

MD5
e6eca16b7231d9dbd91337264ba43ae0

SHA1
212ddddd0670279fceca262bc07b037bd0de101f

SHA256
42778d92572b80c7203291a22349306d6f04ebb473ba3c598300a7d114848a3b

SHA512
5dbe4a54fcb4b2c55739a20777e8632eb5357d88ee810def3941b61c5dd2bc77c3ff434336a51ecd7cb136144938a8ccf414b6b074f718065c13c8489fdd8071

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9601.exe

Filesize
184KB

MD5
9be738b73d48c1298e66af8dc665c6f6

SHA1
ec62eaadb1672aa8274df016c01f68da040085cc

SHA256
f6ed86e09a32b04bdbceea25d823b459887a6acb7cd8986a8d13bcd4faaaa64b

SHA512
d65f8d3c123d2e4ad417658760f253c6ec31bd6ed8007275a0298ef3e72e06647b91b6e582b632163db7b0a995686e9cccdb503d0664e0d3302faeb3ae8eb6a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11776.exe

Filesize
184KB

MD5
0130de366332c6bf856cf43fb5d5d276

SHA1
9c47331a3844029fa6fc919be15495e888512055

SHA256
2bd424b3df092b817f7cb1caf874ec0546ef2d1e350390fe30143e220920c2c0

SHA512
bd6b22542623b8e097f86cc8bfa62299c72f2219cb4990d3e5caac0105eec0cc90b79bba2b029c27f7c2b86b25f4554f51947d6d2c347cfacfeeb3090e822775

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe

Filesize
184KB

MD5
0dbbf3caa0f818ad0ecc979e70bc0131

SHA1
b04f99056259df37e449234898d427219c0008ab

SHA256
4574b50dcc5b1a47805e8e2ddde8c2e8d1664a5c8efa1891492c1b30b6ba9606

SHA512
069329e4d92227b61507c3529f6e7ef1e50f0766114c5e2fe0b94f6d23ce1e7c1475b422a3b7a4fc8dcd34c9802996314c9cc919226e557f95b76be8176cf549

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe

Filesize
184KB

MD5
f533f674b8c586e57373f7efd747d555

SHA1
9d05468c6fe5afbdb974d03fb78f2a329f5c21fd

SHA256
4a54afcdd50202fd72ad3c13779d02b6d69f1cba163cce20ae7a557f6aef9582

SHA512
fb0dd58e8b2c1ccd81e75fce1b720dc754269152a96f69c6b3d47f09dfb118687094572bd92ef55ad3275857e43f872d6700919ca8493d3353fc17b55c838228

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe

Filesize
184KB

MD5
2afb36366acefda283de3c9da9b4b6d8

SHA1
005ac592d78b7b8ebdabb3e3ede107a9df56319c

SHA256
4d044dbc3a984e4d627ded0b1326c3abfb6af28ba203dac339b2accb89696df9

SHA512
a88acb5bad277b27141ac97e1ae1e31c941514a37e9dc801b4c83a5c94b535929d3f8fb3a64dba56318de8fa56b23adef4baa35c27058bd6715b94e90fc87289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe

Filesize
184KB

MD5
fe1b0a6c948c4f846bac58192784876c

SHA1
8dc752ba342a3eee599f32e54c132dfc404efa60

SHA256
ecf925e50c1c6a6e1f0b6cb8b38842cd0a88216773c5b626b36e960579b2e207

SHA512
a59bea0570e36db6fae419d7cf4bc651978cd71c45892dfefd12364a44b461bdfb4e69d81a54a299e1dfb2ce10de5f50ac34b3afe32bce571d63e3de0fbbdab0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe

Filesize
184KB

MD5
8c03d36db7905399604492d7f0cca0a9

SHA1
e26b8831cc3a17e48dd8b83a8f61d50f4a489404

SHA256
f5da598eab58c5c307d9999260dd7aaa7ebb6a14fe43b2982e3db95fd346f159

SHA512
54c886f62daf90be0a491ec766cbd8240b76e61aeeea29f639fbb4216f08f5984b85120296fb4838632019a8101681753b560f165ced1fee34d78815b6435d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe

Filesize
184KB

MD5
aa5491e00be494f5776ca940e26f16e8

SHA1
00ee78147a1191fe70f20e7c189e7fc7914a6f6c

SHA256
1982c47c84872cba2a4edbfd20e97218cf0a68099665ccb1d3c6d28af94b7218

SHA512
db385f342b11859cb4af86f4e993db8960d5204a8bf467967eb10dda8de2a344d5d370b6a648b4f4b4dc948ba99e6a613ce5b3beda62a89b04c400d41f768273

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53930.exe

Filesize
184KB

MD5
74c512f4a23f9ab1c22cd2c8ca2f1e6d

SHA1
68fb3f768da92d26933fea2df503e923c206e052

SHA256
6b305c36716139930e81c768ba219e0a78a1ee85841af912e19eb89d44b45447

SHA512
399a178149195b178f4acbd550a658ec31ae88b5b9263fc1cf18afcc8200fff2f657c25dbadd4c6ba882e674a5a402e41ade377a9fd39406b0403e75af519739

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe

Filesize
184KB

MD5
65a7cbfc0a36ce45fa43a2c6460b9380

SHA1
dd11b170694d876a547e35b7102119d94a326965

SHA256
7bea1b89e1e46db9cb1705b9cec02cc997b762508d2883282ef1f346cd3881fa

SHA512
3c3acca7d6bfb985e196c7a61fb44e51fdbafde79c70aad1dcc6645a399f53361d8a374dabd308c7f7065504896f729c4b0ca3136d12202c093ecb111a111969

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60785.exe

Filesize
184KB

MD5
f7540a67f36796ee839a2761acf9d204

SHA1
1830cabc760524812070e33f66fb1db72690c88c

SHA256
d89532d812247eb58ccc74375cea9cfc1c6c025f2e452cc8c410611723bf1eab

SHA512
8b9c084cdf7ea5f12a4a6a3d15779047bef007804ec91d99a58613568ea2cfc8f9d1ff0284d5fe4d968c45612fc88928a53b198bcb84667e9d9235a3cca762e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads