ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
Size

184KB
MD5

7a519b4c860c058901ee8180e128183a
SHA1

5648d4181442c2457dc16ee3136c3f6b6162a6e5
SHA256

ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446
SHA512

f831e8d44ca4118d6ed72e7f993ff66d60ce3ac87a85486602eba33af865982305fee32d29d189365fe23a203a9be470c81a61d6e644df6f4b667816650e5b5d
SSDEEP

3072:hi/nigolNsVzdRjYec2laXwICYhxProH+mKO5qzUoKehlnhOFN:hitoCpRjXoXwIIe/RhlnhOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
380	Unicorn-30247.exe
2952	Unicorn-39910.exe
2944	Unicorn-20044.exe
2704	Unicorn-2567.exe
2524	Unicorn-17835.exe
2356	Unicorn-48431.exe
1324	Unicorn-27978.exe
1356	Unicorn-8112.exe
760	Unicorn-8304.exe
312	Unicorn-28170.exe
2684	Unicorn-32850.exe
2800	Unicorn-20236.exe
2808	Unicorn-12949.exe
2020	Unicorn-32815.exe
484	Unicorn-34761.exe
1904	Unicorn-14895.exe
556	Unicorn-27473.exe
2940	Unicorn-22324.exe
3008	Unicorn-42766.exe
1884	Unicorn-42958.exe
1304	Unicorn-38359.exe
1684	Unicorn-40689.exe
808	Unicorn-58225.exe
2076	Unicorn-60555.exe
1544	Unicorn-10285.exe
1264	Unicorn-55957.exe
2200	Unicorn-49139.exe
1624	Unicorn-14198.exe
1988	Unicorn-1391.exe
2140	Unicorn-52429.exe
2556	Unicorn-47831.exe
3056	Unicorn-19757.exe
2476	Unicorn-6326.exe
2856	Unicorn-59248.exe
2776	Unicorn-60016.exe
2188	Unicorn-44941.exe
2364	Unicorn-44941.exe
2780	Unicorn-57748.exe
2144	Unicorn-39600.exe
548	Unicorn-59466.exe
1716	Unicorn-54868.exe
2028	Unicorn-468.exe
1848	Unicorn-63737.exe
2448	Unicorn-18258.exe
2068	Unicorn-3374.exe
1416	Unicorn-16181.exe
2692	Unicorn-36239.exe
1608	Unicorn-19026.exe
2080	Unicorn-53836.exe
2732	Unicorn-29336.exe
1516	Unicorn-46742.exe
960	Unicorn-49202.exe
904	Unicorn-64339.exe
2752	Unicorn-51724.exe
400	Unicorn-65107.exe
876	Unicorn-5678.exe
1536	Unicorn-23276.exe
2936	Unicorn-18677.exe
1636	Unicorn-38543.exe
2444	Unicorn-38543.exe
2612	Unicorn-56140.exe
2544	Unicorn-56140.exe
2564	Unicorn-36274.exe
2512	Unicorn-21199.exe

Loads dropped DLL 64 IoCs

pid	Process
1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
380	Unicorn-30247.exe
380	Unicorn-30247.exe
1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
2944	Unicorn-20044.exe
2944	Unicorn-20044.exe
2952	Unicorn-39910.exe
2952	Unicorn-39910.exe
380	Unicorn-30247.exe
380	Unicorn-30247.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
2524	Unicorn-17835.exe
2524	Unicorn-17835.exe
2952	Unicorn-39910.exe
2952	Unicorn-39910.exe
2944	Unicorn-20044.exe
2944	Unicorn-20044.exe
2704	Unicorn-2567.exe
2704	Unicorn-2567.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe
1184	WerFault.exe
1512	WerFault.exe
2356	Unicorn-48431.exe
2356	Unicorn-48431.exe
1324	Unicorn-27978.exe
1324	Unicorn-27978.exe
2524	Unicorn-17835.exe
2524	Unicorn-17835.exe
1356	Unicorn-8112.exe
1356	Unicorn-8112.exe
2704	Unicorn-2567.exe
2704	Unicorn-2567.exe
760	Unicorn-8304.exe
760	Unicorn-8304.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
804	WerFault.exe
804	WerFault.exe
804	WerFault.exe
804	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
804	WerFault.exe
1612	WerFault.exe
2684	Unicorn-32850.exe
2684	Unicorn-32850.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2456	1764	WerFault.exe	27
3000	380	WerFault.exe	28
1184	2944	WerFault.exe	30
1512	2952	WerFault.exe	29
1404	2524	WerFault.exe	33
804	2356	WerFault.exe	34
1612	2704	WerFault.exe	32
2768	1324	WerFault.exe	36
3048	1356	WerFault.exe	37
1428	760	WerFault.exe	38
2160	312	WerFault.exe	39
2340	2684	WerFault.exe	42
1036	2808	WerFault.exe	44
2244	2800	WerFault.exe	43
1720	2020	WerFault.exe	45
1676	1904	WerFault.exe	46
1044	484	WerFault.exe	47
1212	556	WerFault.exe	51
2328	2940	WerFault.exe	52
1580	3008	WerFault.exe	53
880	1884	WerFault.exe	54
2636	1304	WerFault.exe	55
2008	2028	WerFault.exe	86
1132	2076	WerFault.exe	59
2960	1264	WerFault.exe	60
3004	808	WerFault.exe	57
552	1684	WerFault.exe	56
2528	1544	WerFault.exe	58
2596	2200	WerFault.exe	65
2464	1624	WerFault.exe	66
2788	1988	WerFault.exe	67
2924	2476	WerFault.exe	71
2216	2556	WerFault.exe	69
444	3056	WerFault.exe	70
604	2856	WerFault.exe	72
2404	2140	WerFault.exe	68
1596	2780	WerFault.exe	76
1432	2776	WerFault.exe	73
1000	2364	WerFault.exe	75
2500	2188	WerFault.exe	74
3080	2144	WerFault.exe	77
3088	548	WerFault.exe	78
3100	1716	WerFault.exe	79
3560	1848	WerFault.exe	87
3652	2448	WerFault.exe	88
3692	2068	WerFault.exe	89
3288	1416	WerFault.exe	90
3360	2080	WerFault.exe	93
3416	2692	WerFault.exe	91
3444	2752	WerFault.exe	98
3500	1516	WerFault.exe	95
3620	1636	WerFault.exe	103
3728	2512	WerFault.exe	108
3904	2544	WerFault.exe	106
4004	2936	WerFault.exe	102
3964	2712	WerFault.exe	129
4048	960	WerFault.exe	96
4108	400	WerFault.exe	99
4116	2248	WerFault.exe	119
4232	2152	WerFault.exe	145
4252	2860	WerFault.exe	149
4268	904	WerFault.exe	97
4284	2764	WerFault.exe	138
4312	2984	WerFault.exe	127

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
380	Unicorn-30247.exe
2944	Unicorn-20044.exe
2952	Unicorn-39910.exe
2524	Unicorn-17835.exe
2704	Unicorn-2567.exe
2356	Unicorn-48431.exe
1324	Unicorn-27978.exe
1356	Unicorn-8112.exe
760	Unicorn-8304.exe
312	Unicorn-28170.exe
2684	Unicorn-32850.exe
2800	Unicorn-20236.exe
2020	Unicorn-32815.exe
2808	Unicorn-12949.exe
484	Unicorn-34761.exe
1904	Unicorn-14895.exe
556	Unicorn-27473.exe
2940	Unicorn-22324.exe
3008	Unicorn-42766.exe
1884	Unicorn-42958.exe
1304	Unicorn-38359.exe
1684	Unicorn-40689.exe
2076	Unicorn-60555.exe
808	Unicorn-58225.exe
1544	Unicorn-10285.exe
1264	Unicorn-55957.exe
2200	Unicorn-49139.exe
1624	Unicorn-14198.exe
1988	Unicorn-1391.exe
2140	Unicorn-52429.exe
2556	Unicorn-47831.exe
3056	Unicorn-19757.exe
2476	Unicorn-6326.exe
2856	Unicorn-59248.exe
2776	Unicorn-60016.exe
2364	Unicorn-44941.exe
2144	Unicorn-39600.exe
2188	Unicorn-44941.exe
548	Unicorn-59466.exe
2780	Unicorn-57748.exe
1716	Unicorn-54868.exe
2028	Unicorn-468.exe
1848	Unicorn-63737.exe
2448	Unicorn-18258.exe
2068	Unicorn-3374.exe
1416	Unicorn-16181.exe
1608	Unicorn-19026.exe
2692	Unicorn-36239.exe
960	Unicorn-49202.exe
1516	Unicorn-46742.exe
2080	Unicorn-53836.exe
2732	Unicorn-29336.exe
904	Unicorn-64339.exe
2752	Unicorn-51724.exe
400	Unicorn-65107.exe
876	Unicorn-5678.exe
1536	Unicorn-23276.exe
2612	Unicorn-56140.exe
1636	Unicorn-38543.exe
2936	Unicorn-18677.exe
2564	Unicorn-36274.exe
2544	Unicorn-56140.exe
2444	Unicorn-38543.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1764 wrote to memory of 380	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	28
PID 1764 wrote to memory of 380	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	28
PID 1764 wrote to memory of 380	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	28
PID 1764 wrote to memory of 380	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	28
PID 380 wrote to memory of 2952	380	Unicorn-30247.exe	29
PID 380 wrote to memory of 2952	380	Unicorn-30247.exe	29
PID 380 wrote to memory of 2952	380	Unicorn-30247.exe	29
PID 380 wrote to memory of 2952	380	Unicorn-30247.exe	29
PID 1764 wrote to memory of 2944	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	30
PID 1764 wrote to memory of 2944	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	30
PID 1764 wrote to memory of 2944	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	30
PID 1764 wrote to memory of 2944	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	30
PID 1764 wrote to memory of 2456	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	31
PID 1764 wrote to memory of 2456	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	31
PID 1764 wrote to memory of 2456	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	31
PID 1764 wrote to memory of 2456	1764	ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe	31
PID 2944 wrote to memory of 2704	2944	Unicorn-20044.exe	32
PID 2944 wrote to memory of 2704	2944	Unicorn-20044.exe	32
PID 2944 wrote to memory of 2704	2944	Unicorn-20044.exe	32
PID 2944 wrote to memory of 2704	2944	Unicorn-20044.exe	32
PID 2952 wrote to memory of 2524	2952	Unicorn-39910.exe	33
PID 2952 wrote to memory of 2524	2952	Unicorn-39910.exe	33
PID 2952 wrote to memory of 2524	2952	Unicorn-39910.exe	33
PID 2952 wrote to memory of 2524	2952	Unicorn-39910.exe	33
PID 380 wrote to memory of 2356	380	Unicorn-30247.exe	34
PID 380 wrote to memory of 2356	380	Unicorn-30247.exe	34
PID 380 wrote to memory of 2356	380	Unicorn-30247.exe	34
PID 380 wrote to memory of 2356	380	Unicorn-30247.exe	34
PID 380 wrote to memory of 3000	380	Unicorn-30247.exe	35
PID 380 wrote to memory of 3000	380	Unicorn-30247.exe	35
PID 380 wrote to memory of 3000	380	Unicorn-30247.exe	35
PID 380 wrote to memory of 3000	380	Unicorn-30247.exe	35
PID 2524 wrote to memory of 1324	2524	Unicorn-17835.exe	36
PID 2524 wrote to memory of 1324	2524	Unicorn-17835.exe	36
PID 2524 wrote to memory of 1324	2524	Unicorn-17835.exe	36
PID 2524 wrote to memory of 1324	2524	Unicorn-17835.exe	36
PID 2952 wrote to memory of 1356	2952	Unicorn-39910.exe	37
PID 2952 wrote to memory of 1356	2952	Unicorn-39910.exe	37
PID 2952 wrote to memory of 1356	2952	Unicorn-39910.exe	37
PID 2952 wrote to memory of 1356	2952	Unicorn-39910.exe	37
PID 2944 wrote to memory of 760	2944	Unicorn-20044.exe	38
PID 2944 wrote to memory of 760	2944	Unicorn-20044.exe	38
PID 2944 wrote to memory of 760	2944	Unicorn-20044.exe	38
PID 2944 wrote to memory of 760	2944	Unicorn-20044.exe	38
PID 2704 wrote to memory of 312	2704	Unicorn-2567.exe	39
PID 2704 wrote to memory of 312	2704	Unicorn-2567.exe	39
PID 2704 wrote to memory of 312	2704	Unicorn-2567.exe	39
PID 2704 wrote to memory of 312	2704	Unicorn-2567.exe	39
PID 2944 wrote to memory of 1184	2944	Unicorn-20044.exe	40
PID 2944 wrote to memory of 1184	2944	Unicorn-20044.exe	40
PID 2944 wrote to memory of 1184	2944	Unicorn-20044.exe	40
PID 2944 wrote to memory of 1184	2944	Unicorn-20044.exe	40
PID 2952 wrote to memory of 1512	2952	Unicorn-39910.exe	41
PID 2952 wrote to memory of 1512	2952	Unicorn-39910.exe	41
PID 2952 wrote to memory of 1512	2952	Unicorn-39910.exe	41
PID 2952 wrote to memory of 1512	2952	Unicorn-39910.exe	41
PID 2356 wrote to memory of 2684	2356	Unicorn-48431.exe	42
PID 2356 wrote to memory of 2684	2356	Unicorn-48431.exe	42
PID 2356 wrote to memory of 2684	2356	Unicorn-48431.exe	42
PID 2356 wrote to memory of 2684	2356	Unicorn-48431.exe	42
PID 1324 wrote to memory of 2800	1324	Unicorn-27978.exe	43
PID 1324 wrote to memory of 2800	1324	Unicorn-27978.exe	43
PID 1324 wrote to memory of 2800	1324	Unicorn-27978.exe	43
PID 1324 wrote to memory of 2800	1324	Unicorn-27978.exe	43

C:\Users\Admin\AppData\Local\Temp\ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe
"C:\Users\Admin\AppData\Local\Temp\ace6e5e5080f9ab6a5a46006eaecb0551cca8fb238dda3e56ea926f35a582446.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        11⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
        12⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        13⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
        14⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        15⤵
        
        PID:12944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
        15⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
        14⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        13⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        12⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        11⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27023.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
        11⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        12⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11924.exe
        13⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        14⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
        14⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        13⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        11⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        10⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36817.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
        12⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        13⤵
        
        PID:11028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58700.exe
        14⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 220
        14⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 220
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        12⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
        10⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
        9⤵
        Program crash
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23461.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        10⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        11⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        12⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        13⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        14⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
        14⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        13⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        11⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        10⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23835.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31899.exe
        12⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        13⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 204
        13⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 220
        12⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
        9⤵
        Program crash
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        8⤵
        Program crash
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        10⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        11⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43291.exe
        12⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63524.exe
        13⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        14⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 236
        14⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        13⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        12⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        11⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        9⤵
        Program crash
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50555.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35336.exe
        12⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        13⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
        13⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        12⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 236
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        9⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        8⤵
        Program crash
        
        PID:2924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        Program crash
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56683.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
        10⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57178.exe
        11⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        12⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17758.exe
        13⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
        14⤵
        
        PID:13008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 220
        14⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 220
        13⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        12⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        11⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
        10⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54415.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11876.exe
        11⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        12⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        13⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
        13⤵
        
        PID:13872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
        12⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        9⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        Program crash
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14397.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        12⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
        13⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
        13⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        12⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 220
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:3924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29921.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48953.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
        10⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
        11⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        12⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
        12⤵
        
        PID:13364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
        11⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        10⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
        8⤵
        Program crash
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        7⤵
        Program crash
        
        PID:2636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        6⤵
        Program crash
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42766.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40648.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9074.exe
        11⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
        12⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21153.exe
        13⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        14⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
        14⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
        13⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
        12⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        10⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        11⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55169.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50385.exe
        13⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        12⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
        11⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        10⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        10⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        11⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
        11⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41285.exe
        12⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8726.exe
        13⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        14⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
        13⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        12⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 220
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        9⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        11⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 224
        12⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        11⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        9⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        8⤵
        Program crash
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        12⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
        13⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 216
        13⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        9⤵
        Program crash
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47519.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        11⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57085.exe
        12⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 220
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        9⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 220
        8⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        7⤵
        Program crash
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-425.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933
        10⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 220
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        12⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        13⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 204
        13⤵
        
        PID:14060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 220
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 220
        11⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        10⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
        8⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25857.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        12⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        13⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
        13⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20590.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48583.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1745.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        11⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        12⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        13⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 220
        13⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        12⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6951.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11280.exe
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        10⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
        11⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        12⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
        12⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
        11⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        10⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        8⤵
        Program crash
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:2216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        6⤵
        Program crash
        
        PID:1036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56901.exe
        9⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
        10⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        11⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        12⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        13⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        14⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        14⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        13⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
        12⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        11⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 216
        10⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        9⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32766.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63847.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
        11⤵
        
        PID:8720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24617.exe
        12⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30914.exe
        13⤵
        
        PID:13756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 236
        12⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 220
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        8⤵
        Program crash
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38621.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        11⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30290.exe
        12⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32584.exe
        13⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
        13⤵
        
        PID:13684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        12⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        10⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60459.exe
        11⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 220
        12⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 220
        11⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        10⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
        8⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
        7⤵
        Program crash
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61675.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
        12⤵
        
        PID:10756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53019.exe
        13⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
        13⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
        12⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45773.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
        11⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48816.exe
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
        12⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        8⤵
        Program crash
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        9⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50911.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        11⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        12⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
        12⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 220
        11⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 220
        10⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        9⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        8⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        7⤵
        Program crash
        
        PID:3080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 220
        6⤵
        Program crash
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        7⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
        11⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        12⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
        12⤵
        
        PID:13656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 220
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
        8⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        7⤵
        Program crash
        
        PID:3500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        6⤵
        Program crash
        
        PID:552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 220
        5⤵
        Program crash
        
        PID:3048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 220
        8⤵
        Program crash
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6013.exe
        7⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29723.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
        11⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11779.exe
        12⤵
        
        PID:11020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        13⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
        13⤵
        
        PID:14168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 220
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        10⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
        11⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 188
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        11⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        12⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        13⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
        13⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        10⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
        11⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        12⤵
        
        PID:13572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        12⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 220
        11⤵
        
        PID:12632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        8⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
        11⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 216
        12⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 220
        11⤵
        
        PID:12360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        8⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        7⤵
        Program crash
        
        PID:3560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        6⤵
        Program crash
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43224.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        10⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        11⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        12⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 236
        12⤵
        
        PID:13040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        8⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19657.exe
        11⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57269.exe
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        10⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        9⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        8⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        7⤵
        Program crash
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        6⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
        10⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32323.exe
        11⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        12⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 220
        11⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        10⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        8⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        9⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
        10⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
        11⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 220
        10⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        9⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        8⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        7⤵
        
        PID:5924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:2464
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        5⤵
        Program crash
        
        PID:2340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:804
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23181.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
        10⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        11⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        12⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18818.exe
        13⤵
        
        PID:12840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
        13⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        12⤵
        
        PID:11036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9857.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58989.exe
        11⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17526.exe
        12⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
        13⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        12⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38171.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
        11⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        13⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        13⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        11⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        8⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5847.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        10⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        12⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        13⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
        13⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        12⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 220
        11⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8593.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        11⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
        12⤵
        
        PID:13912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        7⤵
        Program crash
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23949.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28178.exe
        12⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
        13⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 220
        11⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        10⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        10⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
        11⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        12⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 220
        12⤵
        
        PID:13592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        8⤵
        Program crash
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37085.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        10⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        11⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
        12⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
        12⤵
        
        PID:13896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        11⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        10⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        8⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        7⤵
        Program crash
        
        PID:3288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        6⤵
        Program crash
        
        PID:2328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 236
        5⤵
        Program crash
        
        PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23276.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63710.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        12⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
        13⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 216
        13⤵
        
        PID:13904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 220
        12⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        11⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47109.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8103.exe
        11⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        12⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
        12⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 220
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 220
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-101.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        10⤵
        
        PID:7316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        11⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        12⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 220
        12⤵
        
        PID:13608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        7⤵
        Program crash
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        8⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26886.exe
        10⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        11⤵
        
        PID:11052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
        12⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
        12⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
        11⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        10⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
        9⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60848.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9196.exe
        10⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33888.exe
        11⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
        11⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        10⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
        9⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        8⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 220
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        6⤵
        Program crash
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        10⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
        11⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12183.exe
        12⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 236
        12⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        11⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        10⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        8⤵
        Program crash
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        8⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        9⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50456.exe
        10⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59927.exe
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10664 -s 204
        11⤵
        
        PID:13964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        10⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 220
        9⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        8⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        7⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23595.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        9⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        10⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 212
        11⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
        10⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        9⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
        7⤵
        Program crash
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        6⤵
        Program crash
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        5⤵
        Program crash
        
        PID:1676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        11⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        12⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        13⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
        13⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        12⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        10⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        11⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 216
        12⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 220
        11⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 220
        10⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4083.exe
        10⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        11⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        12⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        11⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        7⤵
        Program crash
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
        6⤵
        Executes dropped EXE
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4822.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        10⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43042.exe
        11⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30191.exe
        12⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
        12⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        11⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        8⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        6⤵
        Program crash
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41065.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
        11⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        12⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
        12⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
        11⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        10⤵
        
        PID:11220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
        11⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 220
        11⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
        10⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        8⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 220
        7⤵
        
        PID:4580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8395.exe
        6⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        8⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        9⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30290.exe
        10⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
        11⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
        11⤵
        
        PID:13832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        10⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        9⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 220
        8⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
        7⤵
        
        PID:5508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:3100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
        5⤵
        Program crash
        
        PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        10⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        11⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
        12⤵
        
        PID:13456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        11⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        9⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        10⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        11⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
        11⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        10⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
        9⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        8⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 220
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        8⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53130.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        10⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        11⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
        11⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        10⤵
        
        PID:1864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        8⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        8⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
        9⤵
        
        PID:10528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
        10⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 236
        10⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        9⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        8⤵
        
        PID:240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        7⤵
        
        PID:5240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 220
        6⤵
        Program crash
        
        PID:1000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        5⤵
        Program crash
        
        PID:2960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
      4⤵
      Program crash
      PID:1428
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
  2⤵
  - Program crash
  PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28170.exe

Filesize
184KB

MD5
0722abc6d9ad0074ae12d70d2f119131

SHA1
cf6fe6122bcdd8533aafe74c37cb5b739a4cc5b5

SHA256
7b0e7c77793c8dfa3993b40b7ff20d813ab16e202f181567db1b76eb625c808e

SHA512
18959411a765c01a3a8b0ca04b76d27b8cccd027bdb69c847c2202f4306f9d25126fcf51934939f8cabd23c61e2ff6d5d9d35df8e5a594639869971242a90bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40689.exe

Filesize
184KB

MD5
851f7ce4017d35e12646c5484e675822

SHA1
2a1eeefce906944488bd841a28356f452492360e

SHA256
31bc7df259aa7ea69ea6547f9bc4c2c8358924fdf0dae9e01d472f21c8a28bf5

SHA512
3c96ac3588b9da38755137f7f392634c6fcf2c2d23691dd776d1a55054f2acfe01a83df14f0791c29a6248b48f1246de6cd66e034835afd6e03977c6482e540e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5612.exe

Filesize
184KB

MD5
2e9f6d701ec4c5615c66caa9fe2da28c

SHA1
67f7baeeeb13380ac2384ad0353b7b89fd596416

SHA256
3023d0db92b17ed257cce0d22dccf0ca669ad887b461d2fa69e744a499bbb64f

SHA512
839cfe409cfbf9e308e330c550136c6b8af803ef2871e05a259b8fa504e105af6dcc57e58b7c65f5156b4266d643fecaff37ea94a2e70c1e94d270047f550fd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5678.exe

Filesize
184KB

MD5
a73b9c18cfb1f1d96ca26c26d2cad6a9

SHA1
28fa9e44d647960fe33c679f9b097b5a314554e4

SHA256
7896dec968c1583c549c959f7ef68afea20b9aafd68d765b35e1b7f5f602e6e4

SHA512
9593fb6a26d551a53a0321c9f56cdc08cecc9a2cd37d5d633abeea9955f12518fdd1c0b0b283d9f25435f4aab699806b3648991ce5bec4a55d2cd62d97bebc4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe

Filesize
184KB

MD5
d5876d37a7db0784e888949f3a35573f

SHA1
4ad7844255b730708a8239b40a7ca346417536de

SHA256
337b33bf442067526960a5e1747fcfac4d5360c1a3f9a144039236efb40909b6

SHA512
2cc5e78c7cd9cfff172d8aeb3ae55c979e6014a03c6eff57046630d9d5aef5fed25d96f902a13d066f5878fc0055e86b50bd5724c50c29bcda71fe459400c564

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5967.exe

Filesize
184KB

MD5
286fce54ef94b7f16fd6892396d1ec40

SHA1
413a5de2cd4c1508d3f4222acee8f12596119167

SHA256
fe0b343127f2cb94ee2fc29e05b85a9230382f4e7e47dcf9feaedc69ab6bdd1c

SHA512
f09c7a040560244b00e924bfba05d8b08e2450ab877dfa0ed6a000b35c3a414b436df602fc7a310b59c2460922dc8016b1b881d0fce6500f2aa2b12f6c4e039e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe

Filesize
184KB

MD5
1c4ebec234b20fd3694caa452fd48055

SHA1
9a220e5f8b4674bb484d7bd3547f9547f052b49b

SHA256
f6c3c77f52b643fd22a7e3091a4df9d2f4b91f33a8b1b7de9b1f3b400def8a42

SHA512
c9053f0eff200e5026af3ae3e6043b49262e9de9f51e694762ecff91dabdd7fd94a059fcc87e4731a1e6a6907cea976a390db7b32b3d8da3942b4af891de01ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe

Filesize
184KB

MD5
6bccfae0e358d9360b2411a670358953

SHA1
52d693b69a041d73b2a5c5bfbe717e686bdd87f0

SHA256
d1271904d0a2760af02d92b4f67a0f1cb2c7de61b1f6411577c1129f17447028

SHA512
27ee53b9e7417784b584f229fa3ce4dbbb8efe4161e147ef9467322383bd29f74acdf033b84ba3974476c05151645f94c9852904b2b094f986eb1d0b5c5439a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe

Filesize
184KB

MD5
438a3a2cd1d385d555dd5de8036aef55

SHA1
4265b6a86233d23a0909fb06b478363e8be34a82

SHA256
1bdd4af45282daa263bf5b6a41d5f42aa96c3a852b121a1a51f6fc81996f68e8

SHA512
81369dd9abeda8b4b5e7ae1c552477a9c5ca7f99d3e94aa354d61bf1428c9b8505d8a56b8eb83f0707233343ea9e1413293435b7b431393c26b1eeb9595bb1cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe

Filesize
184KB

MD5
5f9ce025e93a97d655e5cfe8b5678910

SHA1
4d4dc1263f40215edfdd5c6d2f63225e4b6f9c4f

SHA256
ced1fb4b2135e7f9971d804e72d283e53b7a4d27ff734aa3b0150f495b861269

SHA512
30671bcefc135996e36195a7457a2566e79c26a3b1f876b9469784515fe77dc659183c98eee78f3d430bace67d3d31792712936cccf6401509dacd873eed3a38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe

Filesize
184KB

MD5
a814be3bd0bcfa8fbc3227166e74106d

SHA1
2ed1224c44c29f6805339e4a963247155781e3ff

SHA256
674d729c02a0c5a61da2c853e878434fe4f4b11185e5508fb99179f05b1c6816

SHA512
0cc6ddbc47e2eb005fe849db41ef99258405fe360d14a846e7055e4f17697275922fffd574a99b683adec195e8a1bac92af3f243d5634728e258823c6f402443

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27978.exe

Filesize
184KB

MD5
6081ff8328ced524ca6674cdcba96d1f

SHA1
1af6a96da3edce1d26d39e748bd50b34779c5a35

SHA256
842d0666cce860fa206cbb775821ce5b338302325b6c42337db16f06953836e2

SHA512
d5dc56e4a3b31ea9c2956a0beeadea05e2fb11ec3e3ff3d6ff4ac21fd0de179922a258c146f7b92d7a74a61b000dca57d2b58444e61282ed5f8eae5531aa043e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe

Filesize
184KB

MD5
4dd9eb2f49edc4f509da0a022f223ac9

SHA1
54be19eeecd93bba6f102000becdc546b066a605

SHA256
506ba742b10e732badf502baf2e046e1e2077163ced4c8cba527f095bb0c38f2

SHA512
e7c9aa875e05cb2135929108cb50fcc2c890923da315bb70fceed856646f84c3fb5a32e0d88394a67ebdbabecd96ac01c6aa4aee1fff1e49967ebfbeb77701c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe

Filesize
184KB

MD5
d44b68a88f4b3e051bade8153c67730d

SHA1
b14a72fe8eafc9773534fc3b0bf6fb1208b423d4

SHA256
57197c0b9f8096207bc2a3439098cebb16ac57254145078f3bf61c8ef6358773

SHA512
ddb94e2e8d20fcf2eba9428c467e8e6e21b20e9ac91ebf3a871d4f9aeefbb2999d8d3cf67dd02d11c26099df1aa188c2c99144236d4bc68cff7422d9a0859d15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe

Filesize
184KB

MD5
51da2eb3ea36a0439311fdb584eb3560

SHA1
7d7dcf9f86546e47bd6e4c99b8f3eb495abbf3d5

SHA256
3d2f4741d16c58296b9b9f99a9487f5bdeeb3b779dff3331cf09905785e69d83

SHA512
4ffd26c4af5b4582ca52a460a2fd3789e023b202f03d917c7440b67773ca363d2ee5e10571d5aa4c2ed8d858d7665241cc7dcacacc2c8d75476924dca54d0ff6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39910.exe

Filesize
184KB

MD5
4b9baecdba111afc44395136ae175a87

SHA1
380ccf476e937eb450ed748be1b5d8a849eec032

SHA256
88cc955ef74cd84e7594cff2c17b2b50cc98151cd62e1e54acbc4f2b18aef77e

SHA512
3260370e8e9fd1b35f2c3fe6cc456b53956c131475f4fb42deca01dbe56577a20eafdfe9125f90522d18931461e73bc228cc8504ab8c1f361160a250a099d3e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe

Filesize
184KB

MD5
477cd99fcb08d522f56048e43265b695

SHA1
51383142fe16c67cc8fdc2ad73cf50bd126eb713

SHA256
fc5c09917a8a44f431c3232dfe563ce69a3e7c8125e09f25acbddeee26423703

SHA512
bad67ceea0256b9c952d8147d796938958d85745f55ba2f1cb9653d9cc25025d93331240792657267018740bc4738f4ba750f9e674b1c3ee6512d4b13080317e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe

Filesize
184KB

MD5
672a2d8dee5ed90582eb3103e4abe61e

SHA1
8d561306d538e6db2bd2ac613546c7821cb523ed

SHA256
1e9cc1ceef2f08a207f3d271f6b1b282184348f68d6622a2bc1fc6f2d2494c28

SHA512
4758b1c3b0d4f52b36fba6b031036025677ec78aacf584c61ac3837f8078e46b5ccc8f03f313e12809e10668c6c49ad10b1b6f84f18462829948c136f9b225cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe

Filesize
184KB

MD5
221fe3a63586bbe5ea9966f09a4058c3

SHA1
13fa77b1a2fbcd19d7830521cc58354d5008191b

SHA256
cea37904675a0c366177a6b719f96a73567180fddc40fa1860ccaf7e2156a361

SHA512
07b7ab52caf164259a05043009c9573b00c3d1d06f23e1ad8fc3d82484dffe4ddabdc3f7ed13b95c5b182c5779fa690005e1ffe3abb0c0b0629396901fdf99ca

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads