dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
Size

184KB
MD5

458f2ca2e191b0e50dccb12f8d60fad3
SHA1

c2ab95107f14b9368771fc70468c766846a580a2
SHA256

dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453
SHA512

be6ec6ffba0613417b6d46163d0bbddffe27d7be5be178d83af338a4a6c3fc3f9e9cb0abf41438db65055c8570d25fb0f21ef289ceee5ae609fdfd697cdb014c
SSDEEP

3072:7wc3f8of5Hh+dFVW/O2wJ7iG5hlnViFCn3:7wPoH6FVywFi0hlnViFC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2464	Unicorn-47716.exe
2360	Unicorn-38806.exe
3040	Unicorn-18940.exe
2828	Unicorn-48635.exe
2676	Unicorn-11665.exe
2704	Unicorn-15194.exe
2440	Unicorn-55944.exe
3044	Unicorn-10272.exe
2988	Unicorn-42753.exe
1496	Unicorn-40614.exe
380	Unicorn-50828.exe
1192	Unicorn-1819.exe
672	Unicorn-33458.exe
1708	Unicorn-52447.exe
2304	Unicorn-32581.exe
2512	Unicorn-3438.exe
1620	Unicorn-49531.exe
1812	Unicorn-15768.exe
1104	Unicorn-35826.exe
1092	Unicorn-64393.exe
1348	Unicorn-2577.exe
1332	Unicorn-15576.exe
948	Unicorn-35442.exe
2496	Unicorn-64009.exe
876	Unicorn-11072.exe
1944	Unicorn-57813.exe
1540	Unicorn-28670.exe
1952	Unicorn-27217.exe
2452	Unicorn-7351.exe
1932	Unicorn-10880.exe
2148	Unicorn-8031.exe
2640	Unicorn-8031.exe
2900	Unicorn-13184.exe
2812	Unicorn-25415.exe
2692	Unicorn-28945.exe
3000	Unicorn-18764.exe
1956	Unicorn-53252.exe
2876	Unicorn-2619.exe
2980	Unicorn-51820.exe
1520	Unicorn-37107.exe
2572	Unicorn-4731.exe
1244	Unicorn-4731.exe
1108	Unicorn-17730.exe
1628	Unicorn-37596.exe
1680	Unicorn-1394.exe
320	Unicorn-53164.exe
1260	Unicorn-65094.exe
564	Unicorn-37020.exe
2480	Unicorn-31845.exe
1844	Unicorn-64710.exe
2472	Unicorn-52780.exe
1848	Unicorn-19039.exe
2388	Unicorn-20108.exe
1664	Unicorn-32037.exe
1688	Unicorn-7297.exe
1564	Unicorn-27163.exe
2712	Unicorn-43992.exe
2716	Unicorn-29467.exe
2856	Unicorn-25553.exe
2984	Unicorn-61947.exe
800	Unicorn-8641.exe
1012	Unicorn-28507.exe
1500	Unicorn-15377.exe
1412	Unicorn-47858.exe

Loads dropped DLL 64 IoCs

pid	Process
3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
2464	Unicorn-47716.exe
2464	Unicorn-47716.exe
3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
2360	Unicorn-38806.exe
2464	Unicorn-47716.exe
2360	Unicorn-38806.exe
2464	Unicorn-47716.exe
3040	Unicorn-18940.exe
3040	Unicorn-18940.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
3040	Unicorn-18940.exe
2704	Unicorn-15194.exe
3040	Unicorn-18940.exe
2704	Unicorn-15194.exe
2676	Unicorn-11665.exe
2676	Unicorn-11665.exe
2360	Unicorn-38806.exe
2360	Unicorn-38806.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
3028	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
288	WerFault.exe
2516	WerFault.exe
2440	Unicorn-55944.exe
2440	Unicorn-55944.exe
3044	Unicorn-10272.exe
3044	Unicorn-10272.exe
2704	Unicorn-15194.exe
2704	Unicorn-15194.exe
2988	Unicorn-42753.exe
2988	Unicorn-42753.exe
2676	Unicorn-11665.exe
2676	Unicorn-11665.exe
1496	Unicorn-40614.exe
1496	Unicorn-40614.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe
748	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2724	3056	WerFault.exe	27
2592	2464	WerFault.exe	28
3028	2828	WerFault.exe	32
2516	2360	WerFault.exe	29
288	3040	WerFault.exe	30
2920	2304	WerFault.exe	47
748	2704	WerFault.exe	34
1028	672	WerFault.exe	45
2424	2440	WerFault.exe	37
2408	3044	WerFault.exe	36
2436	2988	WerFault.exe	39
1800	1496	WerFault.exe	40
2700	1708	WerFault.exe	46
2696	380	WerFault.exe	43
2544	1192	WerFault.exe	44
2492	2512	WerFault.exe	48
604	2676	WerFault.exe	33
2392	1620	WerFault.exe	51
2500	1812	WerFault.exe	52
1720	1104	WerFault.exe	53
1272	1092	WerFault.exe	54
2284	948	WerFault.exe	58
2176	1348	WerFault.exe	56
2688	1332	WerFault.exe	57
2536	2496	WerFault.exe	59
692	1844	WerFault.exe	94
1788	2640	WerFault.exe	71
1580	1664	WerFault.exe	97
1588	2900	WerFault.exe	72
2056	876	WerFault.exe	64
1480	1944	WerFault.exe	65
2280	1540	WerFault.exe	66
2072	2452	WerFault.exe	68
1608	1952	WerFault.exe	67
1328	1932	WerFault.exe	69
1636	2148	WerFault.exe	70
2760	2812	WerFault.exe	73
2104	2692	WerFault.exe	75
3268	2472	WerFault.exe	93
3448	892	WerFault.exe	123
3716	3000	WerFault.exe	78
3732	1956	WerFault.exe	79
3772	2980	WerFault.exe	81
3788	1520	WerFault.exe	83
3804	1108	WerFault.exe	86
3840	2572	WerFault.exe	84
3280	2880	WerFault.exe	154
3696	1680	WerFault.exe	88
4012	2480	WerFault.exe	92
2728	1244	WerFault.exe	85
3084	564	WerFault.exe	91
3116	2388	WerFault.exe	96
3264	1260	WerFault.exe	90
3260	320	WerFault.exe	89
3308	1628	WerFault.exe	87
3676	1688	WerFault.exe	102
3856	2716	WerFault.exe	109
3920	2852	WerFault.exe	133
3944	1564	WerFault.exe	103
3956	684	WerFault.exe	117
3972	2260	WerFault.exe	134
3980	1220	WerFault.exe	118
3640	2856	WerFault.exe	111
1808	1624	WerFault.exe	119

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
2464	Unicorn-47716.exe
2360	Unicorn-38806.exe
3040	Unicorn-18940.exe
2704	Unicorn-15194.exe
2676	Unicorn-11665.exe
2828	Unicorn-48635.exe
2440	Unicorn-55944.exe
3044	Unicorn-10272.exe
2988	Unicorn-42753.exe
1496	Unicorn-40614.exe
380	Unicorn-50828.exe
672	Unicorn-33458.exe
1192	Unicorn-1819.exe
1708	Unicorn-52447.exe
2304	Unicorn-32581.exe
2512	Unicorn-3438.exe
1620	Unicorn-49531.exe
1812	Unicorn-15768.exe
1104	Unicorn-35826.exe
1092	Unicorn-64393.exe
1348	Unicorn-2577.exe
1332	Unicorn-15576.exe
2496	Unicorn-64009.exe
948	Unicorn-35442.exe
876	Unicorn-11072.exe
1944	Unicorn-57813.exe
1540	Unicorn-28670.exe
1952	Unicorn-27217.exe
2452	Unicorn-7351.exe
1932	Unicorn-10880.exe
2640	Unicorn-8031.exe
2148	Unicorn-8031.exe
2900	Unicorn-13184.exe
2812	Unicorn-25415.exe
2692	Unicorn-28945.exe
3000	Unicorn-18764.exe
1956	Unicorn-53252.exe
2876	Unicorn-2619.exe
2980	Unicorn-51820.exe
1520	Unicorn-37107.exe
2572	Unicorn-4731.exe
1244	Unicorn-4731.exe
1108	Unicorn-17730.exe
1628	Unicorn-37596.exe
1680	Unicorn-1394.exe
320	Unicorn-53164.exe
1260	Unicorn-65094.exe
2472	Unicorn-52780.exe
564	Unicorn-37020.exe
2480	Unicorn-31845.exe
1844	Unicorn-64710.exe
2388	Unicorn-20108.exe
1848	Unicorn-19039.exe
1664	Unicorn-32037.exe
1688	Unicorn-7297.exe
1564	Unicorn-27163.exe
2712	Unicorn-43992.exe
2716	Unicorn-29467.exe
2856	Unicorn-25553.exe
2984	Unicorn-61947.exe
800	Unicorn-8641.exe
1012	Unicorn-28507.exe
1500	Unicorn-15377.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2464	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	28
PID 3056 wrote to memory of 2464	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	28
PID 3056 wrote to memory of 2464	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	28
PID 3056 wrote to memory of 2464	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	28
PID 2464 wrote to memory of 2360	2464	Unicorn-47716.exe	29
PID 2464 wrote to memory of 2360	2464	Unicorn-47716.exe	29
PID 2464 wrote to memory of 2360	2464	Unicorn-47716.exe	29
PID 2464 wrote to memory of 2360	2464	Unicorn-47716.exe	29
PID 3056 wrote to memory of 3040	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	30
PID 3056 wrote to memory of 3040	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	30
PID 3056 wrote to memory of 3040	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	30
PID 3056 wrote to memory of 3040	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	30
PID 3056 wrote to memory of 2724	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	31
PID 3056 wrote to memory of 2724	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	31
PID 3056 wrote to memory of 2724	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	31
PID 3056 wrote to memory of 2724	3056	dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe	31
PID 2360 wrote to memory of 2828	2360	Unicorn-38806.exe	32
PID 2360 wrote to memory of 2828	2360	Unicorn-38806.exe	32
PID 2360 wrote to memory of 2828	2360	Unicorn-38806.exe	32
PID 2360 wrote to memory of 2828	2360	Unicorn-38806.exe	32
PID 2464 wrote to memory of 2676	2464	Unicorn-47716.exe	33
PID 2464 wrote to memory of 2676	2464	Unicorn-47716.exe	33
PID 2464 wrote to memory of 2676	2464	Unicorn-47716.exe	33
PID 2464 wrote to memory of 2676	2464	Unicorn-47716.exe	33
PID 3040 wrote to memory of 2704	3040	Unicorn-18940.exe	34
PID 3040 wrote to memory of 2704	3040	Unicorn-18940.exe	34
PID 3040 wrote to memory of 2704	3040	Unicorn-18940.exe	34
PID 3040 wrote to memory of 2704	3040	Unicorn-18940.exe	34
PID 2464 wrote to memory of 2592	2464	Unicorn-47716.exe	35
PID 2464 wrote to memory of 2592	2464	Unicorn-47716.exe	35
PID 2464 wrote to memory of 2592	2464	Unicorn-47716.exe	35
PID 2464 wrote to memory of 2592	2464	Unicorn-47716.exe	35
PID 3040 wrote to memory of 2440	3040	Unicorn-18940.exe	37
PID 3040 wrote to memory of 2440	3040	Unicorn-18940.exe	37
PID 3040 wrote to memory of 2440	3040	Unicorn-18940.exe	37
PID 3040 wrote to memory of 2440	3040	Unicorn-18940.exe	37
PID 2704 wrote to memory of 3044	2704	Unicorn-15194.exe	36
PID 2704 wrote to memory of 3044	2704	Unicorn-15194.exe	36
PID 2704 wrote to memory of 3044	2704	Unicorn-15194.exe	36
PID 2704 wrote to memory of 3044	2704	Unicorn-15194.exe	36
PID 2828 wrote to memory of 3028	2828	Unicorn-48635.exe	38
PID 2828 wrote to memory of 3028	2828	Unicorn-48635.exe	38
PID 2828 wrote to memory of 3028	2828	Unicorn-48635.exe	38
PID 2828 wrote to memory of 3028	2828	Unicorn-48635.exe	38
PID 2676 wrote to memory of 2988	2676	Unicorn-11665.exe	39
PID 2676 wrote to memory of 2988	2676	Unicorn-11665.exe	39
PID 2676 wrote to memory of 2988	2676	Unicorn-11665.exe	39
PID 2676 wrote to memory of 2988	2676	Unicorn-11665.exe	39
PID 2360 wrote to memory of 1496	2360	Unicorn-38806.exe	40
PID 2360 wrote to memory of 1496	2360	Unicorn-38806.exe	40
PID 2360 wrote to memory of 1496	2360	Unicorn-38806.exe	40
PID 2360 wrote to memory of 1496	2360	Unicorn-38806.exe	40
PID 2360 wrote to memory of 2516	2360	Unicorn-38806.exe	41
PID 2360 wrote to memory of 2516	2360	Unicorn-38806.exe	41
PID 2360 wrote to memory of 2516	2360	Unicorn-38806.exe	41
PID 2360 wrote to memory of 2516	2360	Unicorn-38806.exe	41
PID 3040 wrote to memory of 288	3040	Unicorn-18940.exe	42
PID 3040 wrote to memory of 288	3040	Unicorn-18940.exe	42
PID 3040 wrote to memory of 288	3040	Unicorn-18940.exe	42
PID 3040 wrote to memory of 288	3040	Unicorn-18940.exe	42
PID 2440 wrote to memory of 380	2440	Unicorn-55944.exe	43
PID 2440 wrote to memory of 380	2440	Unicorn-55944.exe	43
PID 2440 wrote to memory of 380	2440	Unicorn-55944.exe	43
PID 2440 wrote to memory of 380	2440	Unicorn-55944.exe	43

C:\Users\Admin\AppData\Local\Temp\dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe
"C:\Users\Admin\AppData\Local\Temp\dee965435139a63d2a69bf7db386d5cf26b7c62c988d10cc570d0e255c441453.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 224
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13184.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29971.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        12⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10030.exe
        13⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        14⤵
        
        PID:8424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        15⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        16⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
        17⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 236
        16⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
        15⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        14⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        13⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        12⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        11⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        10⤵
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        9⤵
        Program crash
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 248
        8⤵
        Program crash
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 220
        8⤵
        Program crash
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        7⤵
        Program crash
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63411.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
        10⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11391.exe
        11⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        12⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
        13⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        14⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        15⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
        15⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
        14⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        13⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
        10⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        9⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        10⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        12⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34081.exe
        13⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35209.exe
        14⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
        14⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 216
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
        11⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        9⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
        11⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        12⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        13⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51654.exe
        14⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 236
        14⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        13⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
        12⤵
        
        PID:10060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        9⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        8⤵
        Program crash
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        7⤵
        Program crash
        
        PID:2760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        6⤵
        Program crash
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20108.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
        9⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 224
        10⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44832.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        11⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        12⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        13⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 224
        14⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
        13⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 236
        12⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        8⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13442.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
        9⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        11⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        12⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        13⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        14⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 236
        14⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
        13⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        12⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        9⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 216
        8⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 244
        7⤵
        Program crash
        
        PID:1580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        6⤵
        Program crash
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
        5⤵
        Program crash
        
        PID:1800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        10⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 220
        11⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12793.exe
        9⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 224
        10⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        9⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3894.exe
        10⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        11⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 224
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        11⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        9⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        8⤵
        Program crash
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        10⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26851.exe
        11⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
        12⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        13⤵
        
        PID:9036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        14⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17721.exe
        15⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 236
        15⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
        14⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        13⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
        12⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
        11⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        10⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35140.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        10⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 240
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        8⤵
        Program crash
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
        7⤵
        Program crash
        
        PID:2176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 248
        6⤵
        Program crash
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        8⤵
        
        PID:892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
        9⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        11⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29785.exe
        12⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        13⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        14⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        15⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11908 -s 216
        15⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
        14⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        13⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 236
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 236
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 240
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        9⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        7⤵
        Program crash
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53442.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46307.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
        10⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 188
        11⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44448.exe
        9⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        10⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42605.exe
        11⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        12⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63130.exe
        13⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
        13⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
        12⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 236
        11⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        10⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
        8⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        7⤵
        Program crash
        
        PID:3264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        6⤵
        Program crash
        
        PID:2688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        5⤵
        Program crash
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 200
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2920
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
      4⤵
      Program crash
      PID:604
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15194.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35826.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        9⤵
        Executes dropped EXE
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58512.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45451.exe
        11⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
        12⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        13⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
        14⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
        15⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61018.exe
        16⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
        16⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        15⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        14⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 236
        13⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        12⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41729.exe
        10⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        11⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        12⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
        13⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        14⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        15⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
        15⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        14⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 236
        13⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        11⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        10⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        11⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38842.exe
        12⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
        13⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 200
        14⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 236
        13⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        12⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        10⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        9⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
        10⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        11⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
        12⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        13⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28777.exe
        14⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12702.exe
        15⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
        16⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
        15⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
        14⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        13⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        11⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        10⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
        9⤵
        Program crash
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        8⤵
        Program crash
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17730.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        11⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        12⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        13⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        14⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        15⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29148.exe
        16⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 236
        16⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        15⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        14⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        13⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
        12⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39487.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42138.exe
        12⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        13⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 240
        14⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 236
        13⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 236
        12⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27079.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
        9⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 240
        10⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        9⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        7⤵
        Program crash
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5393.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        11⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45152.exe
        12⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        13⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58341.exe
        14⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
        15⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 236
        15⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        14⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        13⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
        11⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        10⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 216
        9⤵
        Program crash
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        8⤵
        
        PID:348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 224
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        8⤵
        Program crash
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        8⤵
        
        PID:3092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 224
        9⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        Program crash
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        7⤵
        Program crash
        
        PID:2072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
        6⤵
        Program crash
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4433.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
        9⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        10⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 224
        11⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28496.exe
        10⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 224
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16131.exe
        8⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 224
        9⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        8⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        7⤵
        Program crash
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        12⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37703.exe
        13⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        14⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
        15⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12048 -s 236
        15⤵
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
        14⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        13⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 236
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        10⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
        12⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40157.exe
        13⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
        13⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
        12⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
        11⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        10⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        9⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        8⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17330.exe
        8⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5750.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        11⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
        13⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38353.exe
        14⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        13⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 236
        12⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        11⤵
        
        PID:9612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 236
        10⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
        8⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        7⤵
        Program crash
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        6⤵
        Program crash
        
        PID:1272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        5⤵
        Program crash
        
        PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 372
        5⤵
        Program crash
        
        PID:1028
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18764.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39836.exe
        10⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
        11⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
        12⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
        13⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        14⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        15⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
        16⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 236
        16⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 236
        15⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        14⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 236
        13⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        11⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        11⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        13⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64138.exe
        14⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        15⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 216
        15⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        14⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        13⤵
        
        PID:9340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        12⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        11⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        9⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        11⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
        12⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        13⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        14⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        15⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 236
        15⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
        14⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
        13⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
        12⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        9⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        8⤵
        Program crash
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        11⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        12⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        13⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
        14⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        15⤵
        
        PID:11988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 236
        15⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        14⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
        13⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
        12⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        8⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 224
        9⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        8⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        7⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44723.exe
        11⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        12⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56860.exe
        13⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62186.exe
        14⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55263.exe
        15⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
        15⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
        14⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        13⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
        8⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 244
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25460.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        10⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47830.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51273.exe
        13⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        14⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        14⤵
        
        PID:12172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        13⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        12⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        6⤵
        Program crash
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29467.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54719.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46401.exe
        10⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 220
        11⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 236
        9⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45491.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47254.exe
        11⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        12⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
        13⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
        14⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 236
        14⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        13⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 236
        12⤵
        
        PID:9656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        8⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 224
        9⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 236
        8⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
        8⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 224
        9⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        8⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53110.exe
        7⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 220
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        7⤵
        Program crash
        
        PID:3640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        6⤵
        Program crash
        
        PID:1480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        5⤵
        Program crash
        
        PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        10⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 188
        11⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9151.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        11⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe
        12⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34179.exe
        13⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7022.exe
        14⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
        14⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        13⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 236
        12⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
        7⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 220
        8⤵
        Program crash
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56639.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        10⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
        11⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10179.exe
        12⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 244
        13⤵
        
        PID:10384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 236
        12⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        10⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
        10⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29514.exe
        12⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        13⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
        13⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        12⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 236
        11⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        9⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        8⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        7⤵
        
        PID:3620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
        8⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27984.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45107.exe
        10⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        12⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        13⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
        14⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5244.exe
        15⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
        14⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        13⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        12⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        8⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        9⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        11⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        12⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14840.exe
        13⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
        13⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
        12⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        11⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
        10⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 220
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        10⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
        11⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
        12⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        13⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        13⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 236
        12⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 236
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        8⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        11⤵
        
        PID:10616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
        12⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        10⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        9⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        8⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
        7⤵
        
        PID:5784
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        6⤵
        Program crash
        
        PID:3788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        5⤵
        Program crash
        
        PID:2500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
      4⤵
      Program crash
      PID:2424
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:288
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
  2⤵
  - Program crash
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe

Filesize
184KB

MD5
3f19df01e35d65aaa893dbd6a1819152

SHA1
efad297cc4da0cf35f388325dbf04f056145e1c7

SHA256
992aef5f5df40e2244bbe9d7f7703b25b5f0dc9ad0411b08d59127e32570c7d8

SHA512
82a6fd32a2afafe515817b0632fa55ba24ae2b7948e18b8c2f8457cc350d88c99afd3e542e02410705abb772c68e1fc9112902b4019c13d196db4f5b9dd4babc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe

Filesize
184KB

MD5
6b4b4d7232ee3f7134625e03aaf58c93

SHA1
d0925fd68292c0f9c3269a2080c81b6d2fa266e5

SHA256
808790b32fa7c2cc4239a2126403a3035764fa2ba0035f82ac9341ccd8b31fdd

SHA512
f79c680c16f4c64184cbb4339ebf3fe95be2b4ffade584082dab811f773d6861e0cb271a83cf33e8c022db973a5d0c5df3182b1329154797c6919a3df19ddf8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe

Filesize
184KB

MD5
878e47ea64b37a25c7dedcb420fef0ce

SHA1
cfb5d8b3148a58ccad79eff8b657566187f6c04a

SHA256
a481c855937b8cf59d95a8cb0fdee141af294d0ecabd65a2278e776476994780

SHA512
d1f5144262239b5ea576b48a0c36ba39cd2a6d7f42b2836e8ee6af5649858e41e08fa2b619993617a4511949a2fe3533213da3d00fcc50eb735ba03ae49e8369

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe

Filesize
184KB

MD5
256cee9d9e1153708facdcf9c6082ac1

SHA1
fcb405ca57c3461b2df61a1b275bfc0f9c41f524

SHA256
2470da9b425d77dd222f5c66378182523a5c3d1408d586758a9f463b001ee79a

SHA512
e632f75e50e13f6e369fd716aa5134e89517542c8b09fe28357c14f0cdbe5354363e949b71f51e92d5c09102cb3bdff99defaf9de4ede061c60c2e3e4fd0be44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38604.exe

Filesize
184KB

MD5
b607f8fb64a3a8cc5095b7e43de69af0

SHA1
b5b642867e9c83e867ce5c7bf439e241eb26abb2

SHA256
cfaf4913dd16ec3ff4369be62b4c16f79e594f9ed4b40ac53643b4b38d92347d

SHA512
d62e455202ee947a78b244acbaaf8601d7a47c54d80284f57267ba57f7f36450a6058be6d71cbb41e11e4f15a4537c1fc51044de18ed296a44a4a13cc256c4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe

Filesize
184KB

MD5
1a02c4c9965852d2a546e431d0fa0e76

SHA1
fbbe45c112a5a74c2f0c3915cc720c18b6cec866

SHA256
bb175e1868c880c8d04fba0236a810f7c88e629db3adb6d8d7010dc05179d78b

SHA512
7c656f5a8d830fa53f32192ce0579fd1b7f298d76c942a8be015234f94da722b14d89ffde3edd5b6ae60aab8577d5b7a452b790918ea80e6e456a21f2e9e3784

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42753.exe

Filesize
184KB

MD5
cfc16a7fe44d0d63f1091e2750b32291

SHA1
3dfbad1a6a51dc9bb764fa7ba03fcf69cab7f9b4

SHA256
660c7a4df8ebba59e8353cc2bfef35f5ec49f376f6eb800f666a637f4943a331

SHA512
927fcc7092065d6d8f8fade54fde6785a71edd6210d0792c6a725518bc93daee232b3e6d2120b2a5e22692fd66685986abc5a94a106c8b40f7d927ced6729bf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe

Filesize
184KB

MD5
17ef2ee8763ccef8c634e24f2cb50b7a

SHA1
a403e3b63b4abc37ad74525c669c34c75c5ba2b4

SHA256
e5973fb6d0908070a093d0133b5ef670560e27d3934f2c662d39e693d9f19a58

SHA512
37bc9094b3213f9bbe07fbe1cb4e727ad975850fcedfb1e8112a77de97fd07de36f9352e63cbbdbee555c619a36898d0569f91a19f64e4f8e9041d8d6745dd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe

Filesize
184KB

MD5
2e762dc90bacca7ed79e361309b529c7

SHA1
6794996a8da1c30531ab549e9fdd44cfe83861d4

SHA256
a4f0bc4fae8297cdf316df09c4c10409656a21180c8886ef022c241edfd74210

SHA512
b82bbaea821b8f6b45d67f2e19656243052bb8e97860d5187c8a5eb650a0786b597a0a6e2251990b59c8974fbf12b6c40a9c5896f0b573edfbd99ae521026bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe

Filesize
184KB

MD5
b3607077da975bb8a9c8c9c0c9dee37f

SHA1
5c5f079abfd1fb2c78ac190636b40be5389fc8a9

SHA256
8dde65bd53ce107358ea457274c427163ac37f26e1153d2a627bc2676471474d

SHA512
c7f68af0fc93317318800332b345a4725bef667fd412eda7830b9f171f291f6170a669edfe723049c62a958f52852e04b90f3b97320303e5f7274439414fca1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe

Filesize
184KB

MD5
530024c952aeefa6253edb9fa9423093

SHA1
2448b7438f3eb5d859a4ca41f6a100fd81dbfa61

SHA256
09f21069cd93367b6f735614ae9340822c9c35978ca7542c902e755521b92cc3

SHA512
624fe23a44d781518176ab8e1827d2b9cbdf88bb9399246a05f2e6d81c0ce958f41c8871bd9093dc76cd35df7d148fad3b6742465f32a8c9de87ce29d53d7824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe

Filesize
184KB

MD5
7a91ee1cc1bcd02a74da21f78e584bf1

SHA1
ea679b469a5cac8c5046784d4ea16a79da08d3fa

SHA256
78e7b091863dc9696c1a2d71ba3765d646fc36f453b34fa96950e8232f0507da

SHA512
78de82794f8dfccc3b3d2e1b01b940a4a7d3c8a6dcc26f53b34b3cd55ecc433a46b9a0d2cbd403cb25583da668a4cc764383f07b53a399fcdd47d95db30f25cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15194.exe

Filesize
184KB

MD5
89c5633702015f920a52d5da0d4aefae

SHA1
cb1ab3afed0103adf75e39bdf05e4a8626a7b8d1

SHA256
eaa721440def5261b50c4176a79e1066a6aade39678ee4204954bb840e9212c8

SHA512
d2831376d42ff5c1e06d41373b59466a24d2fcb297c1638b8d52ef1dd2915032dff83c0f933a97cff24d3ccaa718ca4b829e5a99e3e7a247c28b2f18ba5c3c8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe

Filesize
184KB

MD5
bca97511ed8be8b4f89567b1ffad2655

SHA1
d4baf485472d969bc52c2c862cfc97c83ca28c53

SHA256
31c957021680072e0e999753e7c4093251320e6ddd349cb8f4072fa53be228ff

SHA512
73eae16b2e7baf679da68ce4ad9e75d462021f94d7e45d696fc29fcfc18e6600c1b181762b86cabd9aa312a6d7d85ca12c2a8412cf8e83f7b2b240566890eab0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe

Filesize
184KB

MD5
36c5e9d2fa52f8a1aab9160de9dc7353

SHA1
aff7463383d6a681da000b51a117d78a13a3059b

SHA256
8bad68ef793ef383419dc348ac16787990b2b743e5a2230ae1e8bebcb398d13a

SHA512
ea20b6843bab74d9a93255fb8458438ac3e7c7a505378f75a996bc55f5d165afa113f082e3e397f084138618b759ace78cc6b8ac537d342ff3abeb9f85e0921a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47716.exe

Filesize
184KB

MD5
6a5cec56184f0aa155b910352ee58f5f

SHA1
f3d8e06a31c4059d4bf0aa1d79c39aaf5fcd5163

SHA256
cd8a041b04d85b0cac1bfabef55a4dd764fa6540dcbe5156df1fc61931490cb1

SHA512
e809335441c76bbad4a544d21701c3a3194e577f4a72aca0f070d94b9ced35d441a6852ec0bf7e567998b56277cd65e3a9561cde9572fa331cccb0e9e2bfc00e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe

Filesize
184KB

MD5
6d42af53c3cbbe8bb54b4e78d1471396

SHA1
6a4b3d29e4ad582b57f6feea26b84ae43dd12ebe

SHA256
1113d29dc790bb78363a8bd6df101592580131f4188f59784cfa9cfbf0a78ecf

SHA512
cd1e18592dfb924abd0e15aefc2fa167e4f48fcad004da1cc776bf42966a964cf408e00901d1b2cc7a42edbda4690f768b1931945f618b9647079764f6cb9401

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe

Filesize
184KB

MD5
84b798810651443027e29e18785b019a

SHA1
a38e0cae6be930c332a609eec50a03173138458e

SHA256
7a0316b7386fd5079888931eccf5f5f75984682ccb67c0548a380dedc60eec48

SHA512
e21248132ba60a6b18352e660cf10017a866cc8eb929b945a610188db2a5d10581f85e5d666fc593d78acd9eb4adc679d868b4441d72d86da9d7bbd931b47e80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe

Filesize
184KB

MD5
0dd413257f5c9abb782c0b589f2bdd98

SHA1
6a97e1d8cf46c5c38ab7ad47d925c9501c3c6c77

SHA256
8ebba4deb8a9fab884a686f6b855f62519ad521426104a76795fdf25244bd068

SHA512
fcd430cb9a98a649e84c0ffa57f78453ec9f46e46f77a79d6794d02c7824a7cde7299435b3d9992313ab874dcae7bc46b7a0b6a6ff24f9daf6718fdef88e8975

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads