574bbc218640c13b96e22efefd7193a6b9b86b42778b6bf1a5d81cd5674468f4

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
Size

184KB
MD5

07957c7937e351cea3c2075c2a428c60
SHA1

eca81c2c21af8ae2af0cbf2bd4b1bfd2c47d67c2
SHA256

574bbc218640c13b96e22efefd7193a6b9b86b42778b6bf1a5d81cd5674468f4
SHA512

f04d31182288db2e9e99cc8953b68fe7823448f6d737d9644f4362bedb798063f27ae62958d447d899530e798f1e31f8315ac1031f45f973f8cb6a1b914d0d4e
SSDEEP

3072:4/aOgxoT7/OKdSmWefVLoKsghlnViF7n3:4/Ko2GSmrLjsghlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2856	Unicorn-62911.exe
2620	Unicorn-38298.exe
2752	Unicorn-45075.exe
2504	Unicorn-57924.exe
2648	Unicorn-3248.exe
2508	Unicorn-19030.exe
2728	Unicorn-2776.exe
2836	Unicorn-9361.exe
1780	Unicorn-16975.exe
1276	Unicorn-27835.exe
1472	Unicorn-47701.exe
1688	Unicorn-23244.exe
2940	Unicorn-64831.exe
1632	Unicorn-19160.exe
2264	Unicorn-38210.exe
788	Unicorn-40902.exe
1404	Unicorn-25958.exe
1572	Unicorn-25958.exe
2280	Unicorn-32734.exe
2436	Unicorn-35278.exe
1448	Unicorn-61920.exe
1476	Unicorn-37970.exe
1284	Unicorn-53752.exe
2008	Unicorn-3160.exe
2112	Unicorn-45584.exe
2328	Unicorn-17358.exe
1948	Unicorn-6497.exe
876	Unicorn-29056.exe
1748	Unicorn-63866.exe
2376	Unicorn-44001.exe
892	Unicorn-39916.exe
1672	Unicorn-59782.exe
2868	Unicorn-2688.exe
1952	Unicorn-9465.exe
2764	Unicorn-12802.exe
2492	Unicorn-54390.exe
2968	Unicorn-18833.exe
1556	Unicorn-45475.exe
2816	Unicorn-2496.exe
2848	Unicorn-9273.exe
1564	Unicorn-63949.exe
2208	Unicorn-59865.exe
900	Unicorn-55589.exe
1316	Unicorn-62366.exe
2080	Unicorn-31639.exe
2952	Unicorn-12610.exe
2232	Unicorn-54198.exe
2948	Unicorn-8526.exe
2424	Unicorn-43337.exe
780	Unicorn-35444.exe
676	Unicorn-50389.exe
396	Unicorn-4717.exe
1676	Unicorn-53918.exe
2444	Unicorn-60695.exe
1424	Unicorn-49834.exe
1500	Unicorn-25138.exe
1528	Unicorn-31914.exe
3064	Unicorn-51780.exe
2784	Unicorn-1188.exe
2500	Unicorn-19470.exe
2496	Unicorn-35252.exe
2928	Unicorn-46113.exe
2804	Unicorn-7218.exe
1856	Unicorn-33882.exe

Loads dropped DLL 64 IoCs

pid	Process
3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
2856	Unicorn-62911.exe
2856	Unicorn-62911.exe
3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
2620	Unicorn-38298.exe
2620	Unicorn-38298.exe
2856	Unicorn-62911.exe
2856	Unicorn-62911.exe
2752	Unicorn-45075.exe
2752	Unicorn-45075.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2504	Unicorn-57924.exe
2504	Unicorn-57924.exe
2620	Unicorn-38298.exe
2620	Unicorn-38298.exe
2648	Unicorn-3248.exe
2648	Unicorn-3248.exe
2752	Unicorn-45075.exe
2752	Unicorn-45075.exe
2508	Unicorn-19030.exe
2508	Unicorn-19030.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
1648	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2040	WerFault.exe
2728	Unicorn-2776.exe
2728	Unicorn-2776.exe
2504	Unicorn-57924.exe
2504	Unicorn-57924.exe
2836	Unicorn-9361.exe
2836	Unicorn-9361.exe
1780	Unicorn-16975.exe
1780	Unicorn-16975.exe
2648	Unicorn-3248.exe
2648	Unicorn-3248.exe
1472	Unicorn-47701.exe
1276	Unicorn-27835.exe
1472	Unicorn-47701.exe
1276	Unicorn-27835.exe
2508	Unicorn-19030.exe
2508	Unicorn-19030.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
1936	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2768	3008	WerFault.exe	27
2152	2856	WerFault.exe	28
1648	2620	WerFault.exe	29
2040	2752	WerFault.exe	30
2428	2504	WerFault.exe	32
2348	2648	WerFault.exe	33
1936	2508	WerFault.exe	34
2572	2728	WerFault.exe	36
356	2836	WerFault.exe	37
1668	1780	WerFault.exe	38
2688	1472	WerFault.exe	40
2684	1276	WerFault.exe	39
768	2940	WerFault.exe	44
1064	1632	WerFault.exe	45
1728	1688	WerFault.exe	43
1788	2264	WerFault.exe	46
2344	788	WerFault.exe	47
1468	1404	WerFault.exe	48
1760	2280	WerFault.exe	50
928	1572	WerFault.exe	49
1960	2436	WerFault.exe	54
1524	1448	WerFault.exe	55
2476	1476	WerFault.exe	56
2532	2008	WerFault.exe	58
2964	1284	WerFault.exe	57
1440	2328	WerFault.exe	60
108	1672	WerFault.exe	66
2128	1948	WerFault.exe	61
1260	2112	WerFault.exe	59
1268	1748	WerFault.exe	63
2548	876	WerFault.exe	62
2924	892	WerFault.exe	65
2288	2376	WerFault.exe	64
3296	2868	WerFault.exe	72
3320	2492	WerFault.exe	75
3396	1556	WerFault.exe	77
3420	2816	WerFault.exe	78
3452	1952	WerFault.exe	73
3496	2764	WerFault.exe	74
3576	2968	WerFault.exe	76
3844	2952	WerFault.exe	85
3904	2232	WerFault.exe	86
4028	1316	WerFault.exe	83
4036	900	WerFault.exe	82
3156	2948	WerFault.exe	87
3656	2080	WerFault.exe	84
3716	2424	WerFault.exe	88
3728	2208	WerFault.exe	81
3756	1676	WerFault.exe	100
3888	2848	WerFault.exe	79
3208	780	WerFault.exe	94
3212	2804	WerFault.exe	110
3292	2016	WerFault.exe	116
3644	1928	WerFault.exe	121
3696	328	WerFault.exe	118
3700	2192	WerFault.exe	115
3836	2832	WerFault.exe	114
4052	592	WerFault.exe	122
4024	2188	WerFault.exe	113
3180	264	WerFault.exe	119
3232	1856	WerFault.exe	111
3660	2096	WerFault.exe	117
4180	2484	WerFault.exe	129
4380	2712	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
2856	Unicorn-62911.exe
2620	Unicorn-38298.exe
2752	Unicorn-45075.exe
2504	Unicorn-57924.exe
2648	Unicorn-3248.exe
2508	Unicorn-19030.exe
2728	Unicorn-2776.exe
2836	Unicorn-9361.exe
1780	Unicorn-16975.exe
1472	Unicorn-47701.exe
1276	Unicorn-27835.exe
1688	Unicorn-23244.exe
2940	Unicorn-64831.exe
1632	Unicorn-19160.exe
2264	Unicorn-38210.exe
788	Unicorn-40902.exe
1404	Unicorn-25958.exe
1572	Unicorn-25958.exe
2280	Unicorn-32734.exe
2436	Unicorn-35278.exe
1448	Unicorn-61920.exe
1476	Unicorn-37970.exe
1284	Unicorn-53752.exe
2008	Unicorn-3160.exe
2112	Unicorn-45584.exe
2328	Unicorn-17358.exe
1948	Unicorn-6497.exe
876	Unicorn-29056.exe
1748	Unicorn-63866.exe
2376	Unicorn-44001.exe
1672	Unicorn-59782.exe
892	Unicorn-39916.exe
2868	Unicorn-2688.exe
1952	Unicorn-9465.exe
2764	Unicorn-12802.exe
2492	Unicorn-54390.exe
2968	Unicorn-18833.exe
1556	Unicorn-45475.exe
2816	Unicorn-2496.exe
2848	Unicorn-9273.exe
1564	Unicorn-63949.exe
2208	Unicorn-59865.exe
2952	Unicorn-12610.exe
1316	Unicorn-62366.exe
900	Unicorn-55589.exe
2080	Unicorn-31639.exe
2232	Unicorn-54198.exe
2948	Unicorn-8526.exe
2424	Unicorn-43337.exe
780	Unicorn-35444.exe
676	Unicorn-50389.exe
396	Unicorn-4717.exe
1676	Unicorn-53918.exe
2444	Unicorn-60695.exe
1424	Unicorn-49834.exe
1500	Unicorn-25138.exe
1528	Unicorn-31914.exe
3064	Unicorn-51780.exe
2784	Unicorn-1188.exe
2500	Unicorn-19470.exe
2496	Unicorn-35252.exe
2928	Unicorn-46113.exe
2804	Unicorn-7218.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2856	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2856	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2856	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	28
PID 3008 wrote to memory of 2856	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	28
PID 2856 wrote to memory of 2620	2856	Unicorn-62911.exe	29
PID 2856 wrote to memory of 2620	2856	Unicorn-62911.exe	29
PID 2856 wrote to memory of 2620	2856	Unicorn-62911.exe	29
PID 2856 wrote to memory of 2620	2856	Unicorn-62911.exe	29
PID 3008 wrote to memory of 2752	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2752	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2752	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2752	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	30
PID 3008 wrote to memory of 2768	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	31
PID 3008 wrote to memory of 2768	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	31
PID 3008 wrote to memory of 2768	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	31
PID 3008 wrote to memory of 2768	3008	07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe	31
PID 2620 wrote to memory of 2504	2620	Unicorn-38298.exe	32
PID 2620 wrote to memory of 2504	2620	Unicorn-38298.exe	32
PID 2620 wrote to memory of 2504	2620	Unicorn-38298.exe	32
PID 2620 wrote to memory of 2504	2620	Unicorn-38298.exe	32
PID 2856 wrote to memory of 2648	2856	Unicorn-62911.exe	33
PID 2856 wrote to memory of 2648	2856	Unicorn-62911.exe	33
PID 2856 wrote to memory of 2648	2856	Unicorn-62911.exe	33
PID 2856 wrote to memory of 2648	2856	Unicorn-62911.exe	33
PID 2752 wrote to memory of 2508	2752	Unicorn-45075.exe	34
PID 2752 wrote to memory of 2508	2752	Unicorn-45075.exe	34
PID 2752 wrote to memory of 2508	2752	Unicorn-45075.exe	34
PID 2752 wrote to memory of 2508	2752	Unicorn-45075.exe	34
PID 2856 wrote to memory of 2152	2856	Unicorn-62911.exe	35
PID 2856 wrote to memory of 2152	2856	Unicorn-62911.exe	35
PID 2856 wrote to memory of 2152	2856	Unicorn-62911.exe	35
PID 2856 wrote to memory of 2152	2856	Unicorn-62911.exe	35
PID 2504 wrote to memory of 2728	2504	Unicorn-57924.exe	36
PID 2504 wrote to memory of 2728	2504	Unicorn-57924.exe	36
PID 2504 wrote to memory of 2728	2504	Unicorn-57924.exe	36
PID 2504 wrote to memory of 2728	2504	Unicorn-57924.exe	36
PID 2620 wrote to memory of 2836	2620	Unicorn-38298.exe	37
PID 2620 wrote to memory of 2836	2620	Unicorn-38298.exe	37
PID 2620 wrote to memory of 2836	2620	Unicorn-38298.exe	37
PID 2620 wrote to memory of 2836	2620	Unicorn-38298.exe	37
PID 2648 wrote to memory of 1780	2648	Unicorn-3248.exe	38
PID 2648 wrote to memory of 1780	2648	Unicorn-3248.exe	38
PID 2648 wrote to memory of 1780	2648	Unicorn-3248.exe	38
PID 2648 wrote to memory of 1780	2648	Unicorn-3248.exe	38
PID 2752 wrote to memory of 1276	2752	Unicorn-45075.exe	39
PID 2752 wrote to memory of 1276	2752	Unicorn-45075.exe	39
PID 2752 wrote to memory of 1276	2752	Unicorn-45075.exe	39
PID 2752 wrote to memory of 1276	2752	Unicorn-45075.exe	39
PID 2508 wrote to memory of 1472	2508	Unicorn-19030.exe	40
PID 2508 wrote to memory of 1472	2508	Unicorn-19030.exe	40
PID 2508 wrote to memory of 1472	2508	Unicorn-19030.exe	40
PID 2508 wrote to memory of 1472	2508	Unicorn-19030.exe	40
PID 2620 wrote to memory of 1648	2620	Unicorn-38298.exe	41
PID 2620 wrote to memory of 1648	2620	Unicorn-38298.exe	41
PID 2620 wrote to memory of 1648	2620	Unicorn-38298.exe	41
PID 2620 wrote to memory of 1648	2620	Unicorn-38298.exe	41
PID 2752 wrote to memory of 2040	2752	Unicorn-45075.exe	42
PID 2752 wrote to memory of 2040	2752	Unicorn-45075.exe	42
PID 2752 wrote to memory of 2040	2752	Unicorn-45075.exe	42
PID 2752 wrote to memory of 2040	2752	Unicorn-45075.exe	42
PID 2728 wrote to memory of 1688	2728	Unicorn-2776.exe	43
PID 2728 wrote to memory of 1688	2728	Unicorn-2776.exe	43
PID 2728 wrote to memory of 1688	2728	Unicorn-2776.exe	43
PID 2728 wrote to memory of 1688	2728	Unicorn-2776.exe	43

C:\Users\Admin\AppData\Local\Temp\07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\07957c7937e351cea3c2075c2a428c60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33052.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12906.exe
        11⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50981.exe
        12⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        13⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9523.exe
        14⤵
        
        PID:10016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
        15⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
        14⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        13⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        12⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25713.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        11⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
        12⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        13⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20155.exe
        14⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
        13⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        12⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        10⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6772.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        10⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        11⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        12⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        13⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        14⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
        13⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        11⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        10⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        9⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
        11⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16654.exe
        12⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        13⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 220
        13⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        11⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        10⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        9⤵
        Program crash
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        8⤵
        Program crash
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
        8⤵
        Executes dropped EXE
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        9⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
        12⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        13⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 236
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        12⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        10⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
        9⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59855.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
        12⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        8⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        7⤵
        Program crash
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3160.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45475.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        9⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        10⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14992.exe
        11⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        12⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
        13⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30378.exe
        14⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        13⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        12⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
        10⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21136.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        10⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52777.exe
        12⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        11⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        10⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        11⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        12⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39485.exe
        13⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        11⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        9⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        11⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53270.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12650.exe
        13⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        12⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        11⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1785.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
        10⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2637.exe
        11⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        11⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        10⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        8⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        7⤵
        Program crash
        
        PID:2532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        6⤵
        Program crash
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2688.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63238.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65184.exe
        10⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        11⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
        12⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
        13⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        13⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        11⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32040.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        11⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51929.exe
        13⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        12⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 220
        10⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        9⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43372.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        12⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42487.exe
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
        13⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        10⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        9⤵
        Program crash
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        8⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
        11⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13332.exe
        12⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        13⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 236
        13⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
        12⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        9⤵
        Program crash
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        8⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60711.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
        10⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23338.exe
        11⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
        12⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 236
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 236
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        7⤵
        Program crash
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4717.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50794.exe
        8⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12086.exe
        10⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        12⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
        13⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        11⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60862.exe
        11⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        12⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        11⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        10⤵
        
        PID:1900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26844.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26420.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57053.exe
        11⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34545.exe
        12⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        11⤵
        
        PID:10696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        10⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
        8⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
        7⤵
        Program crash
        
        PID:3452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        6⤵
        Program crash
        
        PID:768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12802.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        11⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
        12⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
        13⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        14⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        13⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 236
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        11⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        10⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        9⤵
        Program crash
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        11⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19529.exe
        12⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25479.exe
        13⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        9⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        8⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24152.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        10⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52019.exe
        11⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
        12⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        10⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3155.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25491.exe
        9⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
        10⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        11⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17934.exe
        12⤵
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        11⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        10⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
        7⤵
        Program crash
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18325.exe
        11⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34495.exe
        12⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        13⤵
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 216
        13⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        12⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        11⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        10⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38195.exe
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 220
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40758.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7634.exe
        10⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3192.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        12⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
        11⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        10⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        8⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        7⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        6⤵
        Program crash
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        11⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
        12⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        13⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        12⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
        10⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15490.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        9⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
        10⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        11⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9002.exe
        12⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
        12⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
        11⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        10⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        9⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        11⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        12⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        11⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        8⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        7⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
        9⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        11⤵
        
        PID:10216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        11⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        10⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
        9⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
        8⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
        8⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        9⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        10⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        10⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        9⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        8⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        7⤵
        
        PID:4912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
        6⤵
        Program crash
        
        PID:2476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        5⤵
        Program crash
        
        PID:356
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        10⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        12⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
        13⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        13⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
        9⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45174.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        10⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        11⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        11⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        9⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        8⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        11⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
        12⤵
        
        PID:10800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
        13⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
        13⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
        9⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        8⤵
        Program crash
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        7⤵
        Program crash
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34313.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42066.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31994.exe
        12⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        12⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7343.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
        9⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        10⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28045.exe
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
        11⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        10⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 220
        9⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        8⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        7⤵
        Program crash
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        6⤵
        Program crash
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        8⤵
        
        PID:3148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 220
        9⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        7⤵
        Program crash
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        6⤵
        Program crash
        
        PID:1440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        5⤵
        Program crash
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6409.exe
        7⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        10⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        11⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-118.exe
        12⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        11⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 236
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14037.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        9⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        10⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
        11⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        11⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
        10⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        9⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
        8⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
        7⤵
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        6⤵
        Program crash
        
        PID:2128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        5⤵
        Program crash
        
        PID:2344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2348
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12610.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        10⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        11⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        12⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        13⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 220
        13⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 220
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        9⤵
        Program crash
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54022.exe
        9⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12761.exe
        11⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17173.exe
        12⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        13⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 236
        13⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 220
        12⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        11⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        10⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        8⤵
        Program crash
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10467.exe
        9⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        11⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        12⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
        12⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        11⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        10⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 220
        9⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        8⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        7⤵
        Program crash
        
        PID:2548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        6⤵
        Program crash
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        11⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        12⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        13⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 236
        13⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
        12⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 220
        11⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38070.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        10⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23198.exe
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 236
        11⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 220
        9⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        8⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        7⤵
        Program crash
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38520.exe
        6⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        7⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36872.exe
        10⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        10⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        9⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        8⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 496 -s 236
        7⤵
        
        PID:4764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        6⤵
        Program crash
        
        PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 220
        5⤵
        Program crash
        
        PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62756.exe
        10⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24573.exe
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        11⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        10⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49326.exe
        9⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        10⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44280.exe
        11⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 236
        11⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 220
        10⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        9⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        8⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        
        PID:5252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
        6⤵
        Program crash
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25714.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3586.exe
        7⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57909.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5252.exe
        10⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42850.exe
        11⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 236
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        10⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        9⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        8⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41089.exe
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        9⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        10⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        11⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        10⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        9⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 220
        8⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
        7⤵
        
        PID:5236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:3904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        5⤵
        Program crash
        
        PID:1760
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7063.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
        11⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 220
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        9⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        8⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29710.exe
        8⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64131.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        10⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        11⤵
        
        PID:10960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 236
        11⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        10⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        9⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 216
        8⤵
        
        PID:5736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 220
        7⤵
        Program crash
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25818.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-317.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41293.exe
        11⤵
        
        PID:10360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
        12⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        10⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        8⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        7⤵
        Program crash
        
        PID:3292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
        6⤵
        Program crash
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62366.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
        6⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4821.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36228.exe
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32186.exe
        11⤵
        
        PID:11156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        11⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        10⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 216
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 216
        7⤵
        Program crash
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        7⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        8⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6145.exe
        10⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        10⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        9⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        8⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        7⤵
        
        PID:5504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 220
        6⤵
        Program crash
        
        PID:4028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        5⤵
        Program crash
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8526.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        6⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-545.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        9⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        10⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8236.exe
        11⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11716.exe
        12⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
        12⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        11⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        10⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        8⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
        7⤵
        Program crash
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        7⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
        8⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        9⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        10⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        10⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        9⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        8⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        7⤵
        
        PID:5460
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        6⤵
        Program crash
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        5⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59056.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
        10⤵
        
        PID:10488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        10⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        9⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        8⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
        7⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33841.exe
        8⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16893.exe
        9⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        9⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        8⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        7⤵
        
        PID:7512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        6⤵
        
        PID:5208
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        5⤵
        Program crash
        
        PID:2924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
      4⤵
      Program crash
      PID:2684
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
  2⤵
  - Program crash
  PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13736.exe

Filesize
184KB

MD5
c297b58ec0c165216d569eb438b7ddd6

SHA1
19955cc3c0456954b726aa778be5e50c143fd2b8

SHA256
24c4dcc9cd7b136a7ae9a8f149a5e5c600c5f325fc7dcabf8ecf8000589ec1a7

SHA512
a1334be28f6ae14e139ac001a39e26c7f02001279fedfdcfb059503ef9b89db9f09ab6ba8b276074d9276ce7e88bd9a0064ab8d352be95ac9e545cde7a408965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe

Filesize
184KB

MD5
0402ea4b83b6b9880e245f43bd06feb5

SHA1
d38d41e399056b82b22533c80e362979ea3d10fb

SHA256
8d5b54817adedfd9523a0d5b64b19f681ad4b2533f25625470a6b5423ca09b25

SHA512
99d715ca7999e545dc3bc8170043af676b332f00cbbd04a69075f9132d5814c267c386cb5f7a9c2d154281695d32624dd279e4c7e91d20d71a37dd15875c3d19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe

Filesize
184KB

MD5
433e04d5233f93bdfe5fcc3b34bb8c60

SHA1
9d7da971617cd9f34b3221c41658a27a95085490

SHA256
a8a8a53dfed224c4f3600ab92c93fc4abe9f784194491d80fdc3d98a7b7bb894

SHA512
5d2d2e7efcb6862ab7cf7d455a08c835342e9b8439f9affc92ebc5e9cd43254dd5531ed9183ebb6766918306186a27b2cef12b9c531c1589f35704836d5853e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe

Filesize
184KB

MD5
f7b16880eec9a4a92b52b9189e892305

SHA1
664a68607becaa24347e944b0412bcd2bbe8829f

SHA256
beafcaf20e6b1d68fa49e4fd5acf4607e141f252068ae9e02272b051e5335460

SHA512
c4bf517b8c2f48983397e9ff87369085199fc64b7f6bf779c443f793c03903b199af7307289bda9d7b1cb3f37b2088f5546b5dee550de6d30dcbbafffcbf65ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44567.exe

Filesize
184KB

MD5
39cf3662f6f687925ddf3c96db480167

SHA1
3b84853c49d14eac465fd31be8b6ebeb9a272fac

SHA256
e0d8cf928d1da0c548313e077f75c80db0ca46a224d7c2cca6971f2121031a92

SHA512
452e46617056c6b2551487913da880bcac8c864d89d495f7535ddbb0c7b0782f072f7cba0fd021359daae8f16195e4d4df18b0407fe9e5c80e643793f06c034d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe

Filesize
184KB

MD5
2b2f654fb9455933b9fc30f86ca882c7

SHA1
4156bbbfed3de78cf72fcb20a7c5b0fbfdf57dfa

SHA256
20a032e566d55f1b1ca3808c9bc7812e981cf304ffc2e2689c4f51618672603f

SHA512
1e44027aab8ee49087395e70b73f418c138a70d0d7cd7fe64c1eca4aadb2e16b178b463f8077cb22130a8e9c2c8dd3c530781d38d335a14b9f8d1b05db985516

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe

Filesize
184KB

MD5
7ea6f4324db17ebaa2b6d8ff4b68a0c0

SHA1
81f362e12fbe692386723c5b5e120aa796dac1d3

SHA256
a6a7bcb03ceaacd5d3818c7da922cd6cb6817f58da19d8abf87e9b10da1109d0

SHA512
3c054579f4a616278dc13550494850c8a96f0c1f268e8217b44e2e21fc38d824139b8be1078c62c146b2c9fd3e85393d3b396feb62bfe72fc8691d172eaab7d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64831.exe

Filesize
184KB

MD5
e792ef4fe375e5ed09aabdcce681a89a

SHA1
42483ae51b518dc409beebbb2b8019c147ff0b09

SHA256
f7601213aa9d73586f2c17ead2e901312e81a7f29290037c3a3e7676e6136f8e

SHA512
6f5abd798fc2a131de158c5e02ee838a79a0ef96543f38962b0535cf0122aab23597ec8980fe3a1d83c60a142584ba70db5564f7d889f6957dc5f4b4cee002cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe

Filesize
184KB

MD5
daa92c5bc3baf1517b91220da7aa3cb0

SHA1
69042cdef6d4350e68edf7cb07d9342208982aa3

SHA256
27096ea1873ba9dd9f0206f856658d2e3b1274d7b81a2e7be2dbbc050e585f47

SHA512
7c23897498a22a28527b4ce76a032600de56b1487f3ca555a03adabc8bad44374291461f3871d2eb774aa6197abdb966963c5709c2cd2778e4d0163e7ae9c107

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe

Filesize
184KB

MD5
be6adf7f09b6b671e7903d3c689a0d51

SHA1
2920a4c5d672e53926ec2106d3e964b9eb1776b7

SHA256
e35205be33834ca2500ed96eafb5c4f419c61822a41976efa8edc1ca1ff20f96

SHA512
3646992be1edde5a2a5591a7f28c6916ac4b6968241b4bbe9bc0061f715b375743df060610696bea14b201880fb4d018dd367ec7c2d3c273c538d1871aa215d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe

Filesize
184KB

MD5
aa8acdcda9df01b854d8e09805d46349

SHA1
b07a57fa9e341b95ddc2a086da3acfbfda74095e

SHA256
415cabbed6340cc8340ba9b53c91e1c2b98f7fe8cd9149b2410058f838e3e4c9

SHA512
04777a114629507d7be189727db43ef514e4e74bcc77de9411f89593d42074f6d34a8157d8dd9551fc0fc2b144d614d3b237a0a424ac6e9f0b081dda50006745

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe

Filesize
184KB

MD5
11f6ecb8b64850359f2a3a77f78e5752

SHA1
6632373b9990f236937f2fcd184f09fb6a903dfe

SHA256
9052daea03a636ee9554ff7d6f75095b4c64a3ffb374ac4d5c761afcf012b501

SHA512
ea173c9d69e662008a53b125d3e3d0cfbe8db10b7f353b1d38cb7cce71f8105a51440d5f1ecd47cca207b82a10cca954a5d9f0b002fbf0919bb3d54d89e487d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe

Filesize
184KB

MD5
2ea6a00c0ec35aafd016f4f42e163e85

SHA1
b952f4d94d72650828db06bdffb1f22cfb3575b6

SHA256
7a24ba97354c03640bb1be99fdf6e3e485f0a4d5c06f088c87d5ce857cfefee0

SHA512
ebdb7c011ab83f15fa270759a7f6d038a4b1d5ff64a3ffe383d3a29ea8048eb4b7acdae69847dd04786a02809bc5a340f61f7fd14a2320c2fad00927f8c83205

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe

Filesize
184KB

MD5
a43e3df1fc70246fdf0aed7b1c80dbca

SHA1
72718d7fe3e581c79132cdd4b332b557b3444910

SHA256
93d0d313b775e6861c9f8a06f7594770f5c54dbfb77d7915cb50485b630e8fd2

SHA512
67b3b204feb802911f75e231d0f6fd08e785febce48bde9ef29f5726193966b64b7fb6a2849f93eb972a22281cc93ffde41a6d6fa9b71bf6d7e2a344bd2d5527

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe

Filesize
184KB

MD5
6e9e356d8db6c320aeb436283a22f3b2

SHA1
88f8e487ff619dfbb0666952371e4df6113598b6

SHA256
36f3cbf5cb343afcda74986e86df3ab232948a18aa47452d79768a20c616850a

SHA512
525620e6d7b152e786ba18759a419366f8bd16ce739b63c2940b4cb90482b1dd26c53f0796e051d942a873a81560dda46e532540d5c18ed8c9e17caab99da405

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe

Filesize
184KB

MD5
b78abf62298aa14b5d7a60069ab508f5

SHA1
05424ceeb350dfdafe357e53f30045b04d429d90

SHA256
d61036e384bb83a47f5204be9a05815b154520b7c4e73d00a68c1dee10216919

SHA512
72b69d73b4786d3d64a0915782cb2de185a6afc4b7a2ea9a944e1c249dd6e0e1532ec96fefb3d0c2f4e2da34e77444e0459f4ebccb15889bb5e8a182790bbd33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe

Filesize
184KB

MD5
7433b0f73634072759989c9aaa8493ab

SHA1
0310f0347e9b8bc8a9c5672aa6f73157f352f247

SHA256
b24ec11fc1602b56305319afecf3d5fea16dcbc5f370fdb5212e68959cc58504

SHA512
44c4ac853856752e24fb7dbd281e317652056e16e7c8db5757372fc55e5d24fce68611d7569ee99fd5a35dab492a5e67dad710ad95d51ca802d110c1a6414908

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe

Filesize
184KB

MD5
46e7395d66dd290c3e9fcc98f32c3664

SHA1
97e0a2c414c56780aa1e5f46999fc46a22fdc7d0

SHA256
2524195b18ca80c835e6e201cfd6a1390977c0140ef5410d3606137cc34f1f2a

SHA512
e0ef0ca6f620848b897d64d27bef4319cb07f8274bef32298dfb7f5717d0dbb66ab20a49b37f6fdbbd1aafdf508a8212d0f99ec290865faa763bea89df16ce85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe

Filesize
184KB

MD5
d9b151b9a64a1239a9a911e72763bb84

SHA1
7863e429504eb4ac4a6ed1fdb7840b31845f70f0

SHA256
efabe1fa95a0684ce4eb8af0d3e43c0cb54c60fe46887360f251476640451df9

SHA512
b6aaac65966aec31180e934c9f6b9e2615033ec0f0bc5bf5c2e433a019a02111c485d7a6c5c70d6c8b3b3230c643a91c7a0d00e72353f7bed87ed2193d2e96ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe

Filesize
184KB

MD5
d1710ab33731d6726a93044b4d968b54

SHA1
5b6dccddff6d040678f2c9d90350d8e1c803e2af

SHA256
60f8d01ddad5ef01f03f7a58c92fd289ce73d184e78f66996e7b38d15dd48d53

SHA512
50637eac072e967ec44a95784af16bd320ae9b8abb38474753c10be63293b0c69ef36b0d1638373c962a74e87ceccdae5b2bf3d8de60747fd63388f08a60d953

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads