f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 05:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
Size

184KB
MD5

c4b25e7c0cb2836cb748eb514a6aa357
SHA1

b33cbbf055cb10a54948388e7d6343a6e2babe7c
SHA256

f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645
SHA512

f3d0f0e19de7fd35da3554261f331b7e676eebb07195b5674300887fab3be060f007dc599813b42cce0341ee271d351f2a861370052972f34c3d1a457a27885e
SSDEEP

3072:Ida34xoW7JOtjtiWe8wLRKs7hlnViF7n3:IdfozVtifLYs7hlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2192	Unicorn-33584.exe
2396	Unicorn-37087.exe
3052	Unicorn-25389.exe
2668	Unicorn-31943.exe
2712	Unicorn-51809.exe
2556	Unicorn-26345.exe
2800	Unicorn-29848.exe
2196	Unicorn-13319.exe
2008	Unicorn-54352.exe
1716	Unicorn-58991.exe
1936	Unicorn-42654.exe
1900	Unicorn-7585.exe
1924	Unicorn-53257.exe
2260	Unicorn-65530.exe
952	Unicorn-1062.exe
704	Unicorn-32666.exe
2536	Unicorn-12800.exe
1304	Unicorn-20968.exe
956	Unicorn-40834.exe
2828	Unicorn-52889.exe
356	Unicorn-41191.exe
976	Unicorn-44529.exe
1440	Unicorn-52697.exe
2072	Unicorn-40999.exe
944	Unicorn-59448.exe
2124	Unicorn-38281.exe
2116	Unicorn-46449.exe
1756	Unicorn-2079.exe
1072	Unicorn-46449.exe
1188	Unicorn-10247.exe
2068	Unicorn-21945.exe
3028	Unicorn-59443.exe
1216	Unicorn-19480.exe
2448	Unicorn-23049.exe
2716	Unicorn-51083.exe
2476	Unicorn-6713.exe
2348	Unicorn-59251.exe
2488	Unicorn-64959.exe
1576	Unicorn-65507.exe
2960	Unicorn-33712.exe
1680	Unicorn-25928.exe
2528	Unicorn-29689.exe
2184	Unicorn-50432.exe
1528	Unicorn-50432.exe
2688	Unicorn-58600.exe
2428	Unicorn-34096.exe
2692	Unicorn-22398.exe
2016	Unicorn-22398.exe
2920	Unicorn-42264.exe
2840	Unicorn-63239.exe
1812	Unicorn-15762.exe
276	Unicorn-20400.exe
1232	Unicorn-7401.exe
2128	Unicorn-15569.exe
2896	Unicorn-37312.exe
892	Unicorn-37312.exe
1572	Unicorn-7977.exe
2216	Unicorn-45289.exe
2148	Unicorn-56026.exe
2532	Unicorn-29061.exe
2740	Unicorn-47858.exe
2356	Unicorn-23162.exe
2440	Unicorn-32207.exe
1224	Unicorn-31138.exe

Loads dropped DLL 64 IoCs

pid	Process
1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
2192	Unicorn-33584.exe
2192	Unicorn-33584.exe
1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
2192	Unicorn-33584.exe
2396	Unicorn-37087.exe
2192	Unicorn-33584.exe
2396	Unicorn-37087.exe
3052	Unicorn-25389.exe
3052	Unicorn-25389.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2656	WerFault.exe
2712	Unicorn-51809.exe
2712	Unicorn-51809.exe
2668	Unicorn-31943.exe
2668	Unicorn-31943.exe
2396	Unicorn-37087.exe
2556	Unicorn-26345.exe
2396	Unicorn-37087.exe
2556	Unicorn-26345.exe
3052	Unicorn-25389.exe
3052	Unicorn-25389.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
1912	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
1912	WerFault.exe
2784	WerFault.exe
2800	Unicorn-29848.exe
2712	Unicorn-51809.exe
2800	Unicorn-29848.exe
2712	Unicorn-51809.exe
1936	Unicorn-42654.exe
1936	Unicorn-42654.exe
2196	Unicorn-13319.exe
2196	Unicorn-13319.exe
2668	Unicorn-31943.exe
2668	Unicorn-31943.exe
2008	Unicorn-54352.exe
2008	Unicorn-54352.exe
2556	Unicorn-26345.exe
2556	Unicorn-26345.exe
1716	Unicorn-58991.exe
1716	Unicorn-58991.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1112	WerFault.exe
1112	WerFault.exe
1112	WerFault.exe
1112	WerFault.exe
1112	WerFault.exe
444	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2996	1712	WerFault.exe	27
2656	2192	WerFault.exe	28
1912	2396	WerFault.exe	29
2784	3052	WerFault.exe	30
1316	2712	WerFault.exe	33
1112	2668	WerFault.exe	32
444	2556	WerFault.exe	34
2264	952	WerFault.exe	46
2520	2800	WerFault.exe	36
2340	1936	WerFault.exe	40
3032	2196	WerFault.exe	37
2988	2008	WerFault.exe	39
2640	1716	WerFault.exe	38
268	1900	WerFault.exe	43
536	1924	WerFault.exe	44
696	2260	WerFault.exe	45
1692	2536	WerFault.exe	47
948	956	WerFault.exe	50
1904	1304	WerFault.exe	49
1764	704	WerFault.exe	48
1688	1576	WerFault.exe	79
1876	356	WerFault.exe	55
1700	2828	WerFault.exe	54
2132	976	WerFault.exe	56
1524	1440	WerFault.exe	57
3048	2072	WerFault.exe	58
2868	944	WerFault.exe	60
2468	2124	WerFault.exe	61
2804	1188	WerFault.exe	66
2156	2068	WerFault.exe	65
2332	2116	WerFault.exe	63
2004	1072	WerFault.exe	62
2872	3028	WerFault.exe	70
3016	1216	WerFault.exe	72
2832	2348	WerFault.exe	77
800	2716	WerFault.exe	75
3108	2476	WerFault.exe	76
3172	2448	WerFault.exe	74
3188	2488	WerFault.exe	78
3300	2016	WerFault.exe	88
3292	2960	WerFault.exe	80
3308	2184	WerFault.exe	83
3364	2528	WerFault.exe	82
3372	2692	WerFault.exe	87
3416	1680	WerFault.exe	81
3452	1528	WerFault.exe	84
3496	2840	WerFault.exe	90
3532	2428	WerFault.exe	86
3540	2688	WerFault.exe	85
3552	2920	WerFault.exe	89
3996	276	WerFault.exe	99
3404	892	WerFault.exe	103
3484	1812	WerFault.exe	98
1940	2216	WerFault.exe	106
3824	2356	WerFault.exe	110
3828	2740	WerFault.exe	109
4004	2704	WerFault.exe	113
3904	1212	WerFault.exe	115
3100	2836	WerFault.exe	118
3876	2440	WerFault.exe	111
3408	2952	WerFault.exe	123
3584	2020	WerFault.exe	114
3136	2896	WerFault.exe	102
4184	1232	WerFault.exe	100

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
2192	Unicorn-33584.exe
2396	Unicorn-37087.exe
3052	Unicorn-25389.exe
2668	Unicorn-31943.exe
2712	Unicorn-51809.exe
2556	Unicorn-26345.exe
2800	Unicorn-29848.exe
2196	Unicorn-13319.exe
2008	Unicorn-54352.exe
1936	Unicorn-42654.exe
1716	Unicorn-58991.exe
1900	Unicorn-7585.exe
1924	Unicorn-53257.exe
2260	Unicorn-65530.exe
952	Unicorn-1062.exe
704	Unicorn-32666.exe
1304	Unicorn-20968.exe
2536	Unicorn-12800.exe
956	Unicorn-40834.exe
2828	Unicorn-52889.exe
356	Unicorn-41191.exe
976	Unicorn-44529.exe
1440	Unicorn-52697.exe
2072	Unicorn-40999.exe
944	Unicorn-59448.exe
2124	Unicorn-38281.exe
1756	Unicorn-2079.exe
1072	Unicorn-46449.exe
2116	Unicorn-46449.exe
1188	Unicorn-10247.exe
2068	Unicorn-21945.exe
1216	Unicorn-19480.exe
3028	Unicorn-59443.exe
2448	Unicorn-23049.exe
2716	Unicorn-51083.exe
2476	Unicorn-6713.exe
2348	Unicorn-59251.exe
1576	Unicorn-65507.exe
2488	Unicorn-64959.exe
2960	Unicorn-33712.exe
1680	Unicorn-25928.exe
2528	Unicorn-29689.exe
1528	Unicorn-50432.exe
2184	Unicorn-50432.exe
2688	Unicorn-58600.exe
2428	Unicorn-34096.exe
2016	Unicorn-22398.exe
2692	Unicorn-22398.exe
2920	Unicorn-42264.exe
2840	Unicorn-63239.exe
1812	Unicorn-15762.exe
276	Unicorn-20400.exe
1232	Unicorn-7401.exe
892	Unicorn-37312.exe
2128	Unicorn-15569.exe
2896	Unicorn-37312.exe
1572	Unicorn-7977.exe
2216	Unicorn-45289.exe
2148	Unicorn-56026.exe
2740	Unicorn-47858.exe
2532	Unicorn-29061.exe
2356	Unicorn-23162.exe
2440	Unicorn-32207.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2192	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	28
PID 1712 wrote to memory of 2192	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	28
PID 1712 wrote to memory of 2192	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	28
PID 1712 wrote to memory of 2192	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	28
PID 2192 wrote to memory of 2396	2192	Unicorn-33584.exe	29
PID 2192 wrote to memory of 2396	2192	Unicorn-33584.exe	29
PID 2192 wrote to memory of 2396	2192	Unicorn-33584.exe	29
PID 2192 wrote to memory of 2396	2192	Unicorn-33584.exe	29
PID 1712 wrote to memory of 3052	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	30
PID 1712 wrote to memory of 3052	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	30
PID 1712 wrote to memory of 3052	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	30
PID 1712 wrote to memory of 3052	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	30
PID 1712 wrote to memory of 2996	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	31
PID 1712 wrote to memory of 2996	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	31
PID 1712 wrote to memory of 2996	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	31
PID 1712 wrote to memory of 2996	1712	f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe	31
PID 2192 wrote to memory of 2668	2192	Unicorn-33584.exe	32
PID 2192 wrote to memory of 2668	2192	Unicorn-33584.exe	32
PID 2192 wrote to memory of 2668	2192	Unicorn-33584.exe	32
PID 2192 wrote to memory of 2668	2192	Unicorn-33584.exe	32
PID 2396 wrote to memory of 2712	2396	Unicorn-37087.exe	33
PID 2396 wrote to memory of 2712	2396	Unicorn-37087.exe	33
PID 2396 wrote to memory of 2712	2396	Unicorn-37087.exe	33
PID 2396 wrote to memory of 2712	2396	Unicorn-37087.exe	33
PID 3052 wrote to memory of 2556	3052	Unicorn-25389.exe	34
PID 3052 wrote to memory of 2556	3052	Unicorn-25389.exe	34
PID 3052 wrote to memory of 2556	3052	Unicorn-25389.exe	34
PID 3052 wrote to memory of 2556	3052	Unicorn-25389.exe	34
PID 2192 wrote to memory of 2656	2192	Unicorn-33584.exe	35
PID 2192 wrote to memory of 2656	2192	Unicorn-33584.exe	35
PID 2192 wrote to memory of 2656	2192	Unicorn-33584.exe	35
PID 2192 wrote to memory of 2656	2192	Unicorn-33584.exe	35
PID 2712 wrote to memory of 2800	2712	Unicorn-51809.exe	36
PID 2712 wrote to memory of 2800	2712	Unicorn-51809.exe	36
PID 2712 wrote to memory of 2800	2712	Unicorn-51809.exe	36
PID 2712 wrote to memory of 2800	2712	Unicorn-51809.exe	36
PID 2668 wrote to memory of 2196	2668	Unicorn-31943.exe	37
PID 2668 wrote to memory of 2196	2668	Unicorn-31943.exe	37
PID 2668 wrote to memory of 2196	2668	Unicorn-31943.exe	37
PID 2668 wrote to memory of 2196	2668	Unicorn-31943.exe	37
PID 2396 wrote to memory of 1716	2396	Unicorn-37087.exe	38
PID 2396 wrote to memory of 1716	2396	Unicorn-37087.exe	38
PID 2396 wrote to memory of 1716	2396	Unicorn-37087.exe	38
PID 2396 wrote to memory of 1716	2396	Unicorn-37087.exe	38
PID 2556 wrote to memory of 2008	2556	Unicorn-26345.exe	39
PID 2556 wrote to memory of 2008	2556	Unicorn-26345.exe	39
PID 2556 wrote to memory of 2008	2556	Unicorn-26345.exe	39
PID 2556 wrote to memory of 2008	2556	Unicorn-26345.exe	39
PID 3052 wrote to memory of 1936	3052	Unicorn-25389.exe	40
PID 3052 wrote to memory of 1936	3052	Unicorn-25389.exe	40
PID 3052 wrote to memory of 1936	3052	Unicorn-25389.exe	40
PID 3052 wrote to memory of 1936	3052	Unicorn-25389.exe	40
PID 2396 wrote to memory of 1912	2396	Unicorn-37087.exe	41
PID 2396 wrote to memory of 1912	2396	Unicorn-37087.exe	41
PID 2396 wrote to memory of 1912	2396	Unicorn-37087.exe	41
PID 2396 wrote to memory of 1912	2396	Unicorn-37087.exe	41
PID 3052 wrote to memory of 2784	3052	Unicorn-25389.exe	42
PID 3052 wrote to memory of 2784	3052	Unicorn-25389.exe	42
PID 3052 wrote to memory of 2784	3052	Unicorn-25389.exe	42
PID 3052 wrote to memory of 2784	3052	Unicorn-25389.exe	42
PID 2800 wrote to memory of 1900	2800	Unicorn-29848.exe	43
PID 2800 wrote to memory of 1900	2800	Unicorn-29848.exe	43
PID 2800 wrote to memory of 1900	2800	Unicorn-29848.exe	43
PID 2800 wrote to memory of 1900	2800	Unicorn-29848.exe	43

C:\Users\Admin\AppData\Local\Temp\f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe
"C:\Users\Admin\AppData\Local\Temp\f4bbf4effdbb2c5858a3ebc90609b60dbb68937a964835ed65bdb7da3f2ca645.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7401.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        11⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15633.exe
        12⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        13⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        14⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        15⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
        15⤵
        
        PID:14212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 220
        14⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        13⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        12⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        11⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        11⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        11⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        12⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        13⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        14⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
        14⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        13⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        12⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 220
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        10⤵
        Program crash
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        11⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
        13⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe
        14⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
        14⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        12⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        11⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        10⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        9⤵
        Program crash
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27049.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
        11⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        12⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        13⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        14⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 236
        14⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        13⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        12⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        11⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        10⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        11⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        13⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 220
        13⤵
        
        PID:13528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        12⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        11⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
        10⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        9⤵
        Program crash
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        8⤵
        Program crash
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13893.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        11⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        12⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 220
        13⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        12⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59960.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31606.exe
        11⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        12⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        13⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
        13⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        12⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        9⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51797.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2970.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
        13⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 220
        13⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 220
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        11⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        8⤵
        Program crash
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        7⤵
        Program crash
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15762.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        10⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60287.exe
        11⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        12⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        13⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
        14⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
        14⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 236
        12⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65418.exe
        12⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        13⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
        13⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48258.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64748.exe
        11⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        12⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
        13⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 236
        13⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 220
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        9⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        11⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18320.exe
        12⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
        13⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
        13⤵
        
        PID:13388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        12⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        11⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        9⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        8⤵
        Program crash
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        10⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 220
        11⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        9⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        11⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        12⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
        13⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12148 -s 216
        13⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        10⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23791.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        11⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 236
        12⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        10⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
        8⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
        7⤵
        Program crash
        
        PID:1876
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        6⤵
        Program crash
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        9⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24294.exe
        11⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54359.exe
        12⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18398.exe
        13⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
        14⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 220
        14⤵
        
        PID:14312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        11⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13182.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        12⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        13⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        13⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
        12⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        10⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 220
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        8⤵
        Program crash
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29061.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37713.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34873.exe
        11⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 220
        13⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        12⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        11⤵
        
        PID:1092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23571.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59805.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
        11⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        12⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
        12⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        11⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        10⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
        7⤵
        Program crash
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53473.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        11⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56098.exe
        12⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        13⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
        13⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 236
        12⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        11⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35086.exe
        10⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        11⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        12⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
        12⤵
        
        PID:14296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
        11⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
        10⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        8⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38643.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        11⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        12⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
        12⤵
        
        PID:13400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        9⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        7⤵
        Program crash
        
        PID:3108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56384.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8917.exe
        10⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26918.exe
        11⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
        12⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        13⤵
        
        PID:13448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
        13⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        11⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
        9⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        8⤵
        Program crash
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        7⤵
        Program crash
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59965.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        12⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 208
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        11⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31931.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        11⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
        12⤵
        
        PID:12484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        12⤵
        
        PID:12684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 212
        12⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        11⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        10⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        7⤵
        Program crash
        
        PID:3496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        6⤵
        Program crash
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23135.exe
        7⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49566.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
        10⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38439.exe
        11⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 224
        12⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        11⤵
        
        PID:11248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
        8⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        7⤵
        Program crash
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29846.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58813.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23012.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
        11⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        12⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 220
        12⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        11⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
        9⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        10⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36886.exe
        11⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
        11⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        8⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        10⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
        11⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        10⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
        9⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        7⤵
        Program crash
        
        PID:3584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        5⤵
        Program crash
        
        PID:2640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        6⤵
        Program crash
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        7⤵
        Executes dropped EXE
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62518.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
        11⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49477.exe
        12⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
        13⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
        13⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        8⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
        11⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47851.exe
        12⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
        12⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21165.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        10⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        11⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        12⤵
        
        PID:13928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11288 -s 236
        12⤵
        
        PID:13512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        10⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        9⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        7⤵
        Program crash
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        10⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        11⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        12⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 220
        12⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 220
        11⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        9⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        9⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        10⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
        11⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 220
        11⤵
        
        PID:13544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        10⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        9⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-152.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        10⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
        11⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        11⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
        9⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        8⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        6⤵
        Program crash
        
        PID:2868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        5⤵
        Program crash
        
        PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        10⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        11⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        12⤵
        
        PID:12596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
        12⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
        10⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39965.exe
        11⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        12⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
        12⤵
        
        PID:14220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        11⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        7⤵
        Program crash
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12741.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        10⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
        11⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
        12⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 220
        12⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        11⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
        9⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
        10⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        11⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
        11⤵
        
        PID:13588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        10⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        9⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        8⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63644.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
        9⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        10⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 212
        11⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        10⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        9⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        8⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
        7⤵
        Program crash
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48242.exe
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        10⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59492.exe
        11⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12573.exe
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        12⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        9⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38138.exe
        10⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12511.exe
        11⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 220
        11⤵
        
        PID:13504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        10⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        9⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
        8⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64723.exe
        10⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
        11⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
        11⤵
        
        PID:13872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        8⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        7⤵
        Program crash
        
        PID:3904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        6⤵
        Program crash
        
        PID:3364
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        5⤵
        Program crash
        
        PID:1692
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58600.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56218.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43318.exe
        10⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59590.exe
        11⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        12⤵
        
        PID:10520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        13⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 216
        13⤵
        
        PID:14272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        11⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17572.exe
        8⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        12⤵
        
        PID:10232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
        13⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
        13⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
        9⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 220
        8⤵
        Program crash
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
        8⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48990.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12716.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        12⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        13⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
        13⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        12⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 216
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
        9⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39943.exe
        10⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24184.exe
        11⤵
        
        PID:10264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        12⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10264 -s 220
        12⤵
        
        PID:13524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 220
        11⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
        10⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28861.exe
        10⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
        11⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        12⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 216
        12⤵
        
        PID:13908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26316.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
        10⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        11⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        12⤵
        
        PID:14116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11516 -s 216
        12⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
        11⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        9⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        8⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        7⤵
        Program crash
        
        PID:3372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        6⤵
        Program crash
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10247.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16447.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        10⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24161.exe
        11⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30631.exe
        12⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 236
        12⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
        11⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        10⤵
        
        PID:9408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        10⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        11⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        12⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11584 -s 216
        12⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        11⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
        10⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        8⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        Program crash
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        9⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
        11⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        12⤵
        
        PID:13836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11320 -s 216
        12⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
        11⤵
        
        PID:11696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        10⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        9⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48268.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34766.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38023.exe
        9⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
        10⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        11⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
        11⤵
        
        PID:14020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        10⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        9⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        8⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
        7⤵
        
        PID:4316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        6⤵
        Program crash
        
        PID:2804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        5⤵
        Program crash
        
        PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        7⤵
        Program crash
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
        6⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13317.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31534.exe
        11⤵
        
        PID:11464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15420.exe
        12⤵
        
        PID:14144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12244.exe
        12⤵
        
        PID:13984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11464 -s 240
        12⤵
        
        PID:14052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        10⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        8⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        9⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        10⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 212
        11⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        10⤵
        
        PID:10992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        9⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        8⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
        7⤵
        
        PID:4536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        6⤵
        Program crash
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61942.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        11⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
        12⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 220
        12⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
        9⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
        8⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 240
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        8⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 220
        7⤵
        Program crash
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18165.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48274.exe
        8⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18034.exe
        9⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46059.exe
        11⤵
        
        PID:13764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
        10⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 236
        9⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        8⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
        7⤵
        
        PID:5896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:3300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 220
        5⤵
        Program crash
        
        PID:1904
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15569.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24880.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38217.exe
        10⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
        12⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
        13⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48945.exe
        14⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
        13⤵
        
        PID:13616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        12⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62191.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-557.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10291.exe
        11⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1385.exe
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
        12⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        11⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        10⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        10⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        11⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59159.exe
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
        12⤵
        
        PID:14288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 220
        11⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        8⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        7⤵
        Program crash
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        10⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        11⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 220
        11⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        10⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        9⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        8⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        7⤵
        Program crash
        
        PID:3136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
        6⤵
        Program crash
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
        11⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
        12⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
        12⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36010.exe
        8⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        10⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
        11⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 236
        11⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        10⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
        9⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 220
        8⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
        9⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
        10⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
        11⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        11⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        10⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        9⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
        8⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        Program crash
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19317.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25720.exe
        10⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38372.exe
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 220
        11⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        10⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        9⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        8⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        7⤵
        
        PID:4168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        6⤵
        Program crash
        
        PID:3188
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        5⤵
        Program crash
        
        PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        6⤵
        Program crash
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56592.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48798.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49224.exe
        9⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        10⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41925.exe
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
        11⤵
        
        PID:13864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        10⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        9⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        8⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        7⤵
        
        PID:4572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        6⤵
        Program crash
        
        PID:1940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        5⤵
        Program crash
        
        PID:3048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
      4⤵
      Program crash
      PID:2340
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2784
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
  2⤵
  - Program crash
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe

Filesize
184KB

MD5
6f48ba40fe3cb869696cf98f2edc1de2

SHA1
77454c35ed5d57556de90d6c65c12e33ea44aa0a

SHA256
bd4f74ac1e7aa756b1ac72c5de3a3b7a49b56113d1c65147df3cc753c3139e7e

SHA512
c18779cece4fb94a3fc8354611d179a030bc65514356a2083f2fd7d6575bb15b9fb5054fdc114521bf14c686f6437ba3f2bea641d1cbba8e316c1741fb0be74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26345.exe

Filesize
184KB

MD5
e8d196144897e0f70a0ffe6713c27ede

SHA1
e946e864a335ad48765dd873d5f0d5ce366e79c3

SHA256
89236f90832911d6ae3be369f006c225efd281d547741670f983b2edb4250867

SHA512
31fefbdf065cc1f1d17f02e3d50a4e6cf76a27ce295eb7108d1ca6fcf5d924e7cb13862d9a2887ce929be6d154823378531f1eae8fa62fdf0157b1d3173fea6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30283.exe

Filesize
184KB

MD5
b38e79e95051452a8edb5b79794b3269

SHA1
3876f57db67a08d16da0bcccaeaf590d80586255

SHA256
afbdca7a4236acd2b3021d52e0ac029f817f007fde778dd9edc8f3dd0078392b

SHA512
a4f80ad3af98265aec8b7c0332eb06349f09b112bf7d539cd5bb2ed4b391435d472798f21089a576393347151a338679a3fdcfc56f8db839d9687aa6e8600ff1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30859.exe

Filesize
184KB

MD5
87f74fd022471046a962ac9d237908a9

SHA1
5a8e90954a8c05da53c5a19b5b18d6c9243a7a9d

SHA256
12dbfa8104bae8a31270c22d750f55fbf1d4337cd2e4a73b95a8dcf313da424a

SHA512
7dc667b50597ae74ad433048253e9382fdab6bab6d0bf91d2c2a4f9d5b719947409315098fd49118f46b85ff0c24557bd567b6287ab1bd0b4fb5e2322ca3a4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39683.exe

Filesize
184KB

MD5
71da8cebd309fc68464ebf0053fef1fc

SHA1
429df1076226ed3f8764a7472f5f50e8fd79b9cd

SHA256
ac9968e68ec3101a3fd7694ba4d2da8d76ae299b7388772f26ac302a4aea6a57

SHA512
d2e5aa58654b5bc9901a3f87a90dfa1c56c7971a03606c000771a4c715892e59ebb7b3db94190f8b35cc7e1a6b00b88a4ed08ef52376c1d998d66ae7f1a448db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe

Filesize
184KB

MD5
df4d0651c205fdf9b77fa0c79ec1d795

SHA1
93f1605b85c254b955c35e69b01833cb0da1fdba

SHA256
f8347d6ee3cfb64c6f72eb748108b8e969ed703f3e977d7ad6796e91cfba82ed

SHA512
576f69b53e77a8841c8a942967e81ed80b5b1ffd1b6356a472a83cb704cd2a3e2e2d343bfd44141a2f51f504695d9a7db771f237398d4d78c10680164cc50d25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40999.exe

Filesize
184KB

MD5
7745e139fa27980a2e69ef82aca5c614

SHA1
6cad960fc0857548b881e8270150791a7d9ed817

SHA256
b9a7652182146db71f96f8627dc112d7757fb2f6ea5c1fea845d3fece06ee2fa

SHA512
46a01779b9a80de6b2d39da83393f31a8e85d4834daf2176d2d71e91f23d0da80e46401ba52af4afc96209f7e87070506b1597ca9bda67aa1d5c89b08d07b458

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe

Filesize
184KB

MD5
3f2bfd660fa1b7a97a4ba81c00e069ef

SHA1
d170ac4e79b3d190da45720c33c9283f217909a6

SHA256
ceaca7e5ec289bdd5db6e15c3d96c2d6a5b087abc513e2b719023655d8644be9

SHA512
5a87e891fb77e9153e4662e9b8575351b05015a262b0bfe835b6080f739a5c15e29d7c04130288027f3f4a565f93762cd48e889d52aa5b9b3e03b6f629652ede

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25389.exe

Filesize
184KB

MD5
094c034dbacaf60e4dbac72c4c5ec8cf

SHA1
0cccd924e041b8f37ace93cb58dd98118220655f

SHA256
eccb4aa489465a959441983c3651bfbf487be2cf0f32190be2032051d12595a7

SHA512
42c8bb3779948ca7c10d54b1cdc5814362659ec77c3d6d84c773680b984d094fd35bc0439753e45465f86537dba5d4cfd105b6d833cc2097be40bd933f9357a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29848.exe

Filesize
184KB

MD5
05ebd64e2941e4bf2c0b20e49fddcd5a

SHA1
d2dd3021a7e084c4563ac2da2e0c599758ea5901

SHA256
62e8bdfa7796f53eb59191f2d6a12b0a28a43f94ebee62675c6e8c18fe0e0f25

SHA512
dc27c4598be8286299c8d4e04f364d1b22f1b86156bce2dceb98ade99f0b6a97870c964b42e8318c6ada93783f5e539511d452cddb5f1028f8647f8c740889e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe

Filesize
184KB

MD5
2e163555759e2be205db6e057da8e2c7

SHA1
41f52696ef1b1c4904699f5de23e027facacbc0a

SHA256
ae2173b4a5e20a5a82c6f6e727236c9fb0d37a267e468fac84a1b5465e7fb823

SHA512
c912dc1f9c8940ef37962f1502dd6340773e571e790470c158799e2c4062a569483368704278f3ef7f1b9318f9503f1b7bf1d2176098e737305811e0c0ed0cc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe

Filesize
184KB

MD5
99ecd927ac464902be94eb16ef218467

SHA1
e17773240157525187b464c5a5d168082794d779

SHA256
f7239d31ab53c81002d2cb7c93aad4ebf88737e473725302d165b61ca2c55f12

SHA512
06bfd37af31f89db70b65a8b3f3dea919b5ee2f13a6a2d6691004e04c7f44c00dac6563faedc364ad40e17c8d665a3ee38112f0fe1b8491e2798bbe2190507e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37087.exe

Filesize
184KB

MD5
d3f937f2882e5e38c2c711f45e4e32f3

SHA1
f7f6a253e0f6eb96efc684cb7308ff6d3ee69668

SHA256
12fa17106d335938b307cb3b228d7725ded4619f4605391427894280a4cb4d07

SHA512
7cdb6a9346940a9019b6a04306e7f85c64e925584c17118e57f0c9e348975622011200ec43dd58e4de9d4ad632db5e39e461464c42da6270b1462ec7723a88c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe

Filesize
184KB

MD5
068e85d854cf4100e216a3cdd6affe6b

SHA1
aafd5559555570b0078e13e46aaae556f230609b

SHA256
8291bef643a2a1cc79b9c072e738086d84e364d61c82650e38b166d3183ed58c

SHA512
f51a11eece41643ec27c19a5535a026b1e9f5378e5f0dd7f9cf56bee9c7a8efd9122ce71f8a8d395430980e46c4d46ecbca9c0c489ae08228a9f2797997b7700

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe

Filesize
184KB

MD5
e6c6c44d537c0147ceef40068261b24d

SHA1
ae3cefc4ddc2935046336c3c5c0dc0f1f5e4e427

SHA256
12215f28e8bf29dd190cc00e7e01c4e68ff8620024be7c3139ed649485eda403

SHA512
c309127f2622e0d0b1542ec7998d7d3e5685aa7e0a535de2097678deaf468dc12fb9464273aa63932b60abaa5be1d25b5781e8a482e58662a4e4310f651a2387

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe

Filesize
184KB

MD5
7275b9070c8fa9bf6da77889fcfcf657

SHA1
725f256eeafea48587deba7d3d04bd1a8d324b30

SHA256
32120d4437707c8548371ba6d3722d70b5e20df86d81ff945c81cd3f28fe2c68

SHA512
eb4201ac235f69304df97662392a30f5a36bf556e98cd7a35e9f9f958cbe384b8061a36dd45c245feea8a038dab9d24a3024cc54157c639ff37e5499f35a50de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe

Filesize
184KB

MD5
afcd8205162c2264debd04fbdbbed560

SHA1
9926cfb07143816d81a0fafc78964d3277a392c5

SHA256
2b0f6c6ba210ecce46176187ed88067fa8dca6554d2a64b39d272e5e51f8dcce

SHA512
4f931dba549c93685448aa30dbcef51d0074004dd694fe6e6c5c7c9e66f389e73e997c49a28c3d14f1bbecec96b8ea5a6d1ed8b4dbdd71dc6d301ae0484c8dee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe

Filesize
184KB

MD5
bdb564679f056b34a6ecb75a933bcc66

SHA1
82187258213b807fd7494e91c2892364ab28f81e

SHA256
c5a0703d000f6a13f3924904f4419168d3de24a16388ffda2749713477f5d58e

SHA512
6ecb54f1992a0d4206b8fd97140c2a7975d6c8dccb27304399d28d27b32860bed1abb1f1c01bcd3f9e12a6cf942cc51d282f92c1aa6e2e692d0da6c3fd7e1f80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7585.exe

Filesize
184KB

MD5
34d33cbb366f929927dd5034d49801ec

SHA1
b2aca0c00e3a87d6cb2ec26f9d28e211a97d1b3c

SHA256
d30296154cf7ab863dd7ec8778b562686c31af2b8bf7c39a03bc473ec4dec750

SHA512
dd58e23fd9e210c9724bc2250079bd61ffbfb8804195fcf49f0ab93cf0b22c5d2a06a0e02eb3f142967a2d3f96465b9c9d9745990d097df66fde2515edb1e751

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads