444176f3849059de3cff99afd9871bbce4000cc41326a9dd4264526e6127f56d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
Size

184KB
MD5

40528f5a0109739f894377c9c3862240
SHA1

d0011e064a4c6884f6e7a4bd7676e1344ff9d218
SHA256

444176f3849059de3cff99afd9871bbce4000cc41326a9dd4264526e6127f56d
SHA512

9d4af42abac2bfa50f85bfc08641a42d48d65b6d20a08f1b7de5d2e557c6234a6d594862cc2fc32e3baa7b3e3e4c145cc211454a535984b9c3e919b12794890c
SSDEEP

3072:H0L3yxofBGLcdhEWeJcLUK+0hlnniFKns:H04owIhEsLP+0hlnniFK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1264	Unicorn-61044.exe
2128	Unicorn-26139.exe
2700	Unicorn-58297.exe
2808	Unicorn-59375.exe
2912	Unicorn-13007.exe
2560	Unicorn-19168.exe
2940	Unicorn-45523.exe
2188	Unicorn-31818.exe
1552	Unicorn-12829.exe
1660	Unicorn-51444.exe
1628	Unicorn-12912.exe
1312	Unicorn-15072.exe
2152	Unicorn-7550.exe
776	Unicorn-38049.exe
2352	Unicorn-6014.exe
1956	Unicorn-6014.exe
3012	Unicorn-8090.exe
2220	Unicorn-25880.exe
968	Unicorn-27500.exe
2496	Unicorn-37099.exe
1672	Unicorn-54469.exe
1944	Unicorn-39564.exe
1384	Unicorn-25388.exe
1252	Unicorn-27343.exe
1796	Unicorn-12782.exe
2336	Unicorn-45673.exe
1636	Unicorn-12102.exe
832	Unicorn-31968.exe
2144	Unicorn-9170.exe
3052	Unicorn-29036.exe
2180	Unicorn-10575.exe
2744	Unicorn-36921.exe
2384	Unicorn-38998.exe
2096	Unicorn-61395.exe
2844	Unicorn-61395.exe
2596	Unicorn-7487.exe
2588	Unicorn-59859.exe
2632	Unicorn-26288.exe
2724	Unicorn-47114.exe
2820	Unicorn-20109.exe
1328	Unicorn-50643.exe
2232	Unicorn-30777.exe
1612	Unicorn-55604.exe
2816	Unicorn-17072.exe
2856	Unicorn-56564.exe
2800	Unicorn-56564.exe
2892	Unicorn-18032.exe
1320	Unicorn-37898.exe
1604	Unicorn-18909.exe
2740	Unicorn-24871.exe
908	Unicorn-43655.exe
1028	Unicorn-39256.exe
2484	Unicorn-37511.exe
1824	Unicorn-25883.exe
1936	Unicorn-35224.exe
1932	Unicorn-13246.exe
3048	Unicorn-4414.exe
764	Unicorn-3153.exe
2176	Unicorn-7761.exe
2260	Unicorn-7761.exe
1676	Unicorn-26044.exe
2024	Unicorn-53781.exe
2584	Unicorn-21087.exe
2556	Unicorn-53158.exe

Loads dropped DLL 64 IoCs

pid	Process
2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
1264	Unicorn-61044.exe
1264	Unicorn-61044.exe
2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
2128	Unicorn-26139.exe
2128	Unicorn-26139.exe
1264	Unicorn-61044.exe
1264	Unicorn-61044.exe
2700	Unicorn-58297.exe
2700	Unicorn-58297.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2076	WerFault.exe
2912	Unicorn-13007.exe
2912	Unicorn-13007.exe
2808	Unicorn-59375.exe
2808	Unicorn-59375.exe
2128	Unicorn-26139.exe
2128	Unicorn-26139.exe
2560	Unicorn-19168.exe
2560	Unicorn-19168.exe
2700	Unicorn-58297.exe
2700	Unicorn-58297.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2812	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2188	Unicorn-31818.exe
2188	Unicorn-31818.exe
2808	Unicorn-59375.exe
2808	Unicorn-59375.exe
2940	Unicorn-45523.exe
2940	Unicorn-45523.exe
2912	Unicorn-13007.exe
2560	Unicorn-19168.exe
2560	Unicorn-19168.exe
2912	Unicorn-13007.exe
1552	Unicorn-12829.exe
1552	Unicorn-12829.exe
1628	Unicorn-12912.exe
1628	Unicorn-12912.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
1820	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2684	2468	WerFault.exe	27
2076	1264	WerFault.exe	28
2812	2128	WerFault.exe	29
2952	2700	WerFault.exe	30
1752	2912	WerFault.exe	33
848	2808	WerFault.exe	32
1820	2560	WerFault.exe	34
1848	2188	WerFault.exe	37
1924	2940	WerFault.exe	36
1756	1660	WerFault.exe	39
2760	1628	WerFault.exe	40
3000	1552	WerFault.exe	38
2064	1312	WerFault.exe	43
2536	2152	WerFault.exe	44
1036	776	WerFault.exe	45
2512	1956	WerFault.exe	46
1092	2352	WerFault.exe	47
2120	2220	WerFault.exe	49
1248	3012	WerFault.exe	48
956	968	WerFault.exe	53
2540	2496	WerFault.exe	54
2368	1672	WerFault.exe	55
2420	1944	WerFault.exe	56
1484	1384	WerFault.exe	57
2040	1252	WerFault.exe	58
2600	2336	WerFault.exe	60
2872	1796	WerFault.exe	59
2668	1636	WerFault.exe	61
2640	832	WerFault.exe	62
1616	2144	WerFault.exe	63
1648	3052	WerFault.exe	64
3252	2180	WerFault.exe	66
3336	2384	WerFault.exe	70
3472	2744	WerFault.exe	68
3504	2844	WerFault.exe	74
3520	2632	WerFault.exe	77
3528	2596	WerFault.exe	75
3588	1320	WerFault.exe	87
3596	2096	WerFault.exe	73
3604	2588	WerFault.exe	76
3752	1612	WerFault.exe	82
3760	2816	WerFault.exe	83
3980	1328	WerFault.exe	81
3156	2800	WerFault.exe	84
3484	2856	WerFault.exe	85
3704	1604	WerFault.exe	88
3776	2724	WerFault.exe	78
4048	2892	WerFault.exe	86
4092	2820	WerFault.exe	79
3144	2232	WerFault.exe	80
3536	2656	WerFault.exe	117
3580	2556	WerFault.exe	110
3668	2260	WerFault.exe	105
3860	2976	WerFault.exe	114
3900	1960	WerFault.exe	119
4044	316	WerFault.exe	122
2324	1516	WerFault.exe	120
4136	2568	WerFault.exe	111
4152	2100	WerFault.exe	123
4160	2584	WerFault.exe	109
4204	1192	WerFault.exe	121
4228	1580	WerFault.exe	128
4260	1744	WerFault.exe	129
4276	2476	WerFault.exe	131

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
1264	Unicorn-61044.exe
2128	Unicorn-26139.exe
2700	Unicorn-58297.exe
2808	Unicorn-59375.exe
2912	Unicorn-13007.exe
2560	Unicorn-19168.exe
2940	Unicorn-45523.exe
2188	Unicorn-31818.exe
1660	Unicorn-51444.exe
1628	Unicorn-12912.exe
1552	Unicorn-12829.exe
1312	Unicorn-15072.exe
2152	Unicorn-7550.exe
776	Unicorn-38049.exe
1956	Unicorn-6014.exe
2220	Unicorn-25880.exe
2352	Unicorn-6014.exe
3012	Unicorn-8090.exe
968	Unicorn-27500.exe
2496	Unicorn-37099.exe
1672	Unicorn-54469.exe
1944	Unicorn-39564.exe
1384	Unicorn-25388.exe
1252	Unicorn-27343.exe
1796	Unicorn-12782.exe
2336	Unicorn-45673.exe
1636	Unicorn-12102.exe
832	Unicorn-31968.exe
2144	Unicorn-9170.exe
3052	Unicorn-29036.exe
2180	Unicorn-10575.exe
2744	Unicorn-36921.exe
2384	Unicorn-38998.exe
2096	Unicorn-61395.exe
2844	Unicorn-61395.exe
2596	Unicorn-7487.exe
2588	Unicorn-59859.exe
2632	Unicorn-26288.exe
2724	Unicorn-47114.exe
2820	Unicorn-20109.exe
1328	Unicorn-50643.exe
2816	Unicorn-17072.exe
2232	Unicorn-30777.exe
1612	Unicorn-55604.exe
1320	Unicorn-37898.exe
2856	Unicorn-56564.exe
2800	Unicorn-56564.exe
2892	Unicorn-18032.exe
1604	Unicorn-18909.exe
2740	Unicorn-24871.exe
908	Unicorn-43655.exe
1028	Unicorn-39256.exe
2484	Unicorn-37511.exe
1824	Unicorn-25883.exe
1936	Unicorn-35224.exe
1932	Unicorn-13246.exe
3048	Unicorn-4414.exe
764	Unicorn-3153.exe
2260	Unicorn-7761.exe
1676	Unicorn-26044.exe
2176	Unicorn-7761.exe
2024	Unicorn-53781.exe
2544	Unicorn-51897.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1264	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	28
PID 2468 wrote to memory of 1264	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	28
PID 2468 wrote to memory of 1264	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	28
PID 2468 wrote to memory of 1264	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	28
PID 1264 wrote to memory of 2128	1264	Unicorn-61044.exe	29
PID 1264 wrote to memory of 2128	1264	Unicorn-61044.exe	29
PID 1264 wrote to memory of 2128	1264	Unicorn-61044.exe	29
PID 1264 wrote to memory of 2128	1264	Unicorn-61044.exe	29
PID 2468 wrote to memory of 2700	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	30
PID 2468 wrote to memory of 2700	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	30
PID 2468 wrote to memory of 2700	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	30
PID 2468 wrote to memory of 2700	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	30
PID 2468 wrote to memory of 2684	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	31
PID 2468 wrote to memory of 2684	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	31
PID 2468 wrote to memory of 2684	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	31
PID 2468 wrote to memory of 2684	2468	40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe	31
PID 2128 wrote to memory of 2808	2128	Unicorn-26139.exe	32
PID 2128 wrote to memory of 2808	2128	Unicorn-26139.exe	32
PID 2128 wrote to memory of 2808	2128	Unicorn-26139.exe	32
PID 2128 wrote to memory of 2808	2128	Unicorn-26139.exe	32
PID 1264 wrote to memory of 2912	1264	Unicorn-61044.exe	33
PID 1264 wrote to memory of 2912	1264	Unicorn-61044.exe	33
PID 1264 wrote to memory of 2912	1264	Unicorn-61044.exe	33
PID 1264 wrote to memory of 2912	1264	Unicorn-61044.exe	33
PID 2700 wrote to memory of 2560	2700	Unicorn-58297.exe	34
PID 2700 wrote to memory of 2560	2700	Unicorn-58297.exe	34
PID 2700 wrote to memory of 2560	2700	Unicorn-58297.exe	34
PID 2700 wrote to memory of 2560	2700	Unicorn-58297.exe	34
PID 1264 wrote to memory of 2076	1264	Unicorn-61044.exe	35
PID 1264 wrote to memory of 2076	1264	Unicorn-61044.exe	35
PID 1264 wrote to memory of 2076	1264	Unicorn-61044.exe	35
PID 1264 wrote to memory of 2076	1264	Unicorn-61044.exe	35
PID 2912 wrote to memory of 2940	2912	Unicorn-13007.exe	36
PID 2912 wrote to memory of 2940	2912	Unicorn-13007.exe	36
PID 2912 wrote to memory of 2940	2912	Unicorn-13007.exe	36
PID 2912 wrote to memory of 2940	2912	Unicorn-13007.exe	36
PID 2808 wrote to memory of 2188	2808	Unicorn-59375.exe	37
PID 2808 wrote to memory of 2188	2808	Unicorn-59375.exe	37
PID 2808 wrote to memory of 2188	2808	Unicorn-59375.exe	37
PID 2808 wrote to memory of 2188	2808	Unicorn-59375.exe	37
PID 2128 wrote to memory of 1552	2128	Unicorn-26139.exe	38
PID 2128 wrote to memory of 1552	2128	Unicorn-26139.exe	38
PID 2128 wrote to memory of 1552	2128	Unicorn-26139.exe	38
PID 2128 wrote to memory of 1552	2128	Unicorn-26139.exe	38
PID 2560 wrote to memory of 1660	2560	Unicorn-19168.exe	39
PID 2560 wrote to memory of 1660	2560	Unicorn-19168.exe	39
PID 2560 wrote to memory of 1660	2560	Unicorn-19168.exe	39
PID 2560 wrote to memory of 1660	2560	Unicorn-19168.exe	39
PID 2700 wrote to memory of 1628	2700	Unicorn-58297.exe	40
PID 2700 wrote to memory of 1628	2700	Unicorn-58297.exe	40
PID 2700 wrote to memory of 1628	2700	Unicorn-58297.exe	40
PID 2700 wrote to memory of 1628	2700	Unicorn-58297.exe	40
PID 2128 wrote to memory of 2812	2128	Unicorn-26139.exe	41
PID 2128 wrote to memory of 2812	2128	Unicorn-26139.exe	41
PID 2128 wrote to memory of 2812	2128	Unicorn-26139.exe	41
PID 2128 wrote to memory of 2812	2128	Unicorn-26139.exe	41
PID 2700 wrote to memory of 2952	2700	Unicorn-58297.exe	42
PID 2700 wrote to memory of 2952	2700	Unicorn-58297.exe	42
PID 2700 wrote to memory of 2952	2700	Unicorn-58297.exe	42
PID 2700 wrote to memory of 2952	2700	Unicorn-58297.exe	42
PID 2188 wrote to memory of 1312	2188	Unicorn-31818.exe	43
PID 2188 wrote to memory of 1312	2188	Unicorn-31818.exe	43
PID 2188 wrote to memory of 1312	2188	Unicorn-31818.exe	43
PID 2188 wrote to memory of 1312	2188	Unicorn-31818.exe	43

C:\Users\Admin\AppData\Local\Temp\40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\40528f5a0109739f894377c9c3862240_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24871.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        11⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        12⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe
        13⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10451.exe
        14⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        15⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
        15⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
        14⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
        13⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        12⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        11⤵
        Program crash
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        11⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        12⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        13⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
        14⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
        14⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        13⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        12⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        11⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        10⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        10⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        11⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        12⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        13⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2110.exe
        14⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 220
        14⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        13⤵
        
        PID:1360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        12⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        11⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        10⤵
        Program crash
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
        9⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43655.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58518.exe
        10⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        11⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58415.exe
        12⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        13⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        14⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
        14⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        13⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        12⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        11⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        10⤵
        Program crash
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64611.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        12⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        13⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
        13⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        12⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        11⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        8⤵
        Program crash
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        11⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55277.exe
        12⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        13⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        14⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
        14⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        13⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        12⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        11⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21187.exe
        10⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        11⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
        12⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        13⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 204
        13⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
        12⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        11⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28968.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35252.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65180.exe
        11⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        12⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
        13⤵
        
        PID:12404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 216
        13⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 220
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        8⤵
        Program crash
        
        PID:3472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
        7⤵
        Program crash
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52681.exe
        11⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        12⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        13⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        14⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
        14⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        13⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        11⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        10⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11874.exe
        11⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        12⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        13⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        11⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21163.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52688.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
        11⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        12⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41898.exe
        13⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 204
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        12⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        11⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        8⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60271.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        11⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39687.exe
        12⤵
        
        PID:10420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        13⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
        13⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        12⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        11⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63902.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        10⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        11⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        11⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
        8⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:2540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        6⤵
        Program crash
        
        PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        12⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        13⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        9⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        8⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        7⤵
        Executes dropped EXE
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14316.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35190.exe
        11⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28890.exe
        12⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        13⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 236
        13⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
        12⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 236
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
        9⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        8⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
        7⤵
        Program crash
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53809.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        10⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1923.exe
        12⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 212
        13⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        11⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31831.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51973.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
        11⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-283.exe
        12⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        11⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        10⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
        10⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
        11⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
        12⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 220
        12⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        11⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:3528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        6⤵
        Program crash
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1024.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        10⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52162.exe
        12⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        13⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        14⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        14⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        13⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        12⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57919.exe
        11⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40815.exe
        12⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
        13⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        13⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        9⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
        8⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
        7⤵
        Executes dropped EXE
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17912.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25864.exe
        11⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        12⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        12⤵
        
        PID:12292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 216
        9⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        8⤵
        Program crash
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4640.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24922.exe
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19384.exe
        12⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        13⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        11⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        10⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28158.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62108.exe
        10⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        11⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11580.exe
        12⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
        11⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 220
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        9⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        10⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        11⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        12⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
        12⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        11⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 236
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        9⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        8⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        7⤵
        Program crash
        
        PID:3704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        6⤵
        Program crash
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53781.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63489.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        11⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        12⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
        13⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
        13⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        12⤵
        
        PID:11916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        11⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58205.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47956.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        12⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 216
        12⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        11⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63073.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        11⤵
        
        PID:10036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        12⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 204
        12⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        11⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        8⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        7⤵
        Program crash
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50013.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        10⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
        11⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9360 -s 216
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        10⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        9⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        7⤵
        Program crash
        
        PID:4136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        6⤵
        Program crash
        
        PID:1616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        5⤵
        Program crash
        
        PID:3000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        10⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39177.exe
        11⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        12⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        13⤵
        
        PID:12900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
        13⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 236
        12⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        9⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
        8⤵
        Program crash
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        11⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        12⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        13⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 216
        13⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        12⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        11⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        12⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        11⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        10⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        7⤵
        Program crash
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
        10⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        11⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        12⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17596.exe
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
        13⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        12⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 220
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
        10⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        11⤵
        
        PID:10356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        12⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
        12⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        11⤵
        
        PID:10808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51283.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59368.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5086.exe
        11⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 236
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        7⤵
        Program crash
        
        PID:3520
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        6⤵
        Program crash
        
        PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31307.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48445.exe
        10⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11586.exe
        11⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
        12⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 220
        12⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 220
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
        10⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
        11⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 236
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 236
        10⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 220
        9⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
        8⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 220
        7⤵
        Program crash
        
        PID:3776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        6⤵
        Program crash
        
        PID:2040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        5⤵
        Program crash
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56965.exe
        11⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31050.exe
        12⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
        12⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        10⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 216
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        8⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38055.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29719.exe
        10⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        11⤵
        
        PID:11244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 236
        11⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        10⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        8⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        10⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        11⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
        10⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40388.exe
        10⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17422.exe
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        10⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        9⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        8⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        7⤵
        
        PID:5232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        6⤵
        Program crash
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53670.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        11⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65348.exe
        12⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 236
        12⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        10⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
        9⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        10⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        11⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
        10⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        9⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        8⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        7⤵
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8976.exe
        9⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21081.exe
        10⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64530.exe
        11⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        10⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        9⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        8⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        
        PID:5168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        6⤵
        Program crash
        
        PID:3760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        5⤵
        Program crash
        
        PID:2512
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61038.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        11⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        12⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20556.exe
        13⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        13⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 220
        11⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        10⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41153.exe
        9⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 200
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29653.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34280.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        11⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        12⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
        12⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        7⤵
        Program crash
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31080.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9505.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        10⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        11⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        11⤵
        
        PID:10444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10382.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
        9⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 200
        10⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        9⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        8⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        7⤵
        
        PID:4512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        6⤵
        Program crash
        
        PID:2420
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        5⤵
        Program crash
        
        PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28487.exe
        8⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-675.exe
        11⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe
        12⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        13⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        13⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        12⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        11⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
        9⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        10⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        11⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
        12⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        10⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        10⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        11⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        9⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 216
        8⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15387.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        10⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        11⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
        12⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 236
        12⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        11⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        10⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        8⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        7⤵
        Program crash
        
        PID:3536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        6⤵
        Program crash
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51830.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9405.exe
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
        9⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
        10⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        11⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 236
        11⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 236
        10⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48589.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56585.exe
        9⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        10⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        10⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        9⤵
        
        PID:9752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        8⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        7⤵
        
        PID:5580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        6⤵
        Program crash
        
        PID:3144
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        5⤵
        Program crash
        
        PID:1092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58881.exe
        8⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11017.exe
        10⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13943.exe
        11⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
        12⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        13⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        12⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
        11⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        8⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40480.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15754.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        11⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38415.exe
        12⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        12⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        10⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        8⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        7⤵
        Program crash
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        6⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25525.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52205.exe
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18069.exe
        10⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        11⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        11⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        10⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
        9⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        8⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        7⤵
        Program crash
        
        PID:4204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 220
        6⤵
        Program crash
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        9⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        10⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
        11⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        10⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        9⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        8⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        9⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32411.exe
        10⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 216
        10⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
        9⤵
        
        PID:9800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        8⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
        7⤵
        
        PID:5616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 220
        6⤵
        Program crash
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        6⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56385.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26730.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
        10⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        11⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
        11⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        10⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        9⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
        8⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
        7⤵
        Program crash
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        6⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        9⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        10⤵
        
        PID:11108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 236
        10⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        9⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        8⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        7⤵
        
        PID:5204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        6⤵
        Program crash
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        5⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4642.exe
        8⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16648.exe
        9⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        10⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        10⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        9⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        8⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
        7⤵
        
        PID:6096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 216
        6⤵
        Program crash
        
        PID:4152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        5⤵
        Program crash
        
        PID:2668
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
      4⤵
      Program crash
      PID:2760
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2952
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12829.exe

Filesize
184KB

MD5
cda805e6edc9f528eca79b95caf397e4

SHA1
69488ed912d6e2a990618b209c51bd9664da78ba

SHA256
5345edeb2aaf37f6fe353b17468928161ccd132abe375f29be00b145251f3798

SHA512
d23c856e38f65c34312441180aca6dc42dc53b5ec771fd26ea6c081a635c77ca11b701c90b67021566d85d79ebc13136959584ac8771a733b924612c377be811

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12912.exe

Filesize
184KB

MD5
e8f002c2b2e47a93fd3c50ee209841b7

SHA1
d1652750c41a4289b9952ed08a1e4ca7c7e9763b

SHA256
97893f72250b52b4e6658c3570ce1d059cf362e4b766fd5bcc37d20cb83d7d97

SHA512
b04922c54f718902ced77109ecf8a64c5fdbb8c9f16d79ad92d9b8eab45e8dd15905a038cb0b14f51ae2cfceed88d0256a1f32673536f6fbc9c341563f5403c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe

Filesize
184KB

MD5
da4f46e4dd449d5c9f5f657c486c3003

SHA1
e6afa36f172aab2cdd9407710885c275cf43b690

SHA256
ae6467e71dc4577abc9bb6b98096e9d1253f8951bc3b78746d2a6a8cda7f7eec

SHA512
9a5c668f701f02b017f51a2c5c78aa9895c1fed595091e4dc914a65610c51d3af78a4f7d1d53083a24804ad46210d1ca7f285998809113436827b9d6907e2630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe

Filesize
184KB

MD5
e70f0b132780275be1092f8244a2273e

SHA1
81bab2db558ab79f00b4f28afcb22933cd21e651

SHA256
3cb991c39208a3800e59847138efa11bc3aa11f9695a1cf41f58699f4b26e142

SHA512
ea957ef1a9f48c21c183779c12ad5a5f8f59382f157cf7dace198ea415be5d055f945990377fa6f2ad8ea02ebef0bdabc26248cf98a86a20a834115db971d611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe

Filesize
184KB

MD5
563efd5c029572baef9a81be4ea51e49

SHA1
2ed3b77933edadb23da3d43fd43fdcbd600f550b

SHA256
e58da2eabb89f2fe6489878a6c03045b648d3457cf03885950448e334c7197b4

SHA512
ed31690263ceb20928c81027b0922d44186794a937b78946459e627b60e30c71cfa41f46bde91fa60c527a2c06527afe2db3a4779d045b8ffd6b3fcaa7e3ad0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe

Filesize
184KB

MD5
c94c58a1de780629fae795ac6a50249c

SHA1
2896971b85647e5bc3c212b021976c661ce1a8b6

SHA256
705dd7d59367bf7b14ee7ed6a393d796562d0328dcf858b7fdc811dc61df6714

SHA512
a76c0d780f628f26ab8bbe22790ab9df5d063f9d8f1017a1b8ebd148dbf74f3be99cf212933068123f8d9bddd9704863dbf0c71fa1369b8e66c0523f5e3ffb07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe

Filesize
184KB

MD5
65e50293a2f229d69826e892132cecc9

SHA1
535fdbd31341fd55b23f428309c35db85e2990d3

SHA256
3e9299c24af622d23795b45a5c2814097bda94db8d35fe9b9edbc018da9aa2eb

SHA512
f5ab465a968f71b8edb670453ca0740ee6b39dc820856ed0bb67a00c1413f72e29ede9892078cca7ccd909d2b0cab899f057cc2b7f8c1c8c81495eda5f606a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60890.exe

Filesize
184KB

MD5
dbae615578fcc3bab86f58347b2bfa2a

SHA1
c260a40232740e1855fc1c57096d8632e7be42ce

SHA256
dcc3799e0fd041979fd8ffd24ac0ceeff3a30b19e7a5d631ecc0e2307f6a09ab

SHA512
8819ab4518f1d48bce52721a0e38097ea9d3485067837da704ef62b6df79358ffdd3c0cf2f39b1c85a5a7593bd56b933a2169d80f8b77135771c19f97d12aa05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe

Filesize
184KB

MD5
71b5e73933a099e1bbabb11d55ad63b8

SHA1
9bc8b30c37c8fb3802fb226ebbf12d652905b610

SHA256
f8b7686ed11e9533c16aba4b874f7a0c81b3dd6718a8f86cbf8b259e597bcaf9

SHA512
4468712dc1e2ffaf671c3d007a83a4f2b5ffe11f9414b42361241f3cff3f8f9c701ec50fe16f84f13ac09d381ca5661bd279bb0218248105f7e346eae3347a22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe

Filesize
184KB

MD5
ca6393f4678620f5739a11ac0da751f7

SHA1
e1f72fdf6008f5a007f2ed618d8336e95c0ce637

SHA256
fd0a2f729825b2397b00aaa6feb8d704d9e25195264ad2ad8aa3ba9f8231d273

SHA512
c0301728b8d4c435063895e6177bd16f0946a5ed05b3a59f2f9f19405fd5ef58ef3643dc442a6dfaab424fe1691ed0fcce315e04009ea4a8156cda46c1bf3a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9678.exe

Filesize
184KB

MD5
e75c6033d9f0347a5425311a9746f281

SHA1
ee86f5f5bc8120ed98329713e9a3b66cda8666ff

SHA256
76d86884480e0d29473c47cc4cb11e21231b82966368c1bb485abf5ecee716bb

SHA512
e68a4643370eec61be12bd42910670f3637c7b3457804db0543b23ab7ae047c53c7e02f432b6987f1c0bde140cfc23236997d445658bdc7bf05d4bbcfe17d933

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe

Filesize
184KB

MD5
e644d5e6e05c7f9884325399e5218fb3

SHA1
6b19338fd01345cb9dfbd2ba87573ac326dfb3b2

SHA256
3518030c66740c5e8f84b714f19fda33c18dc62171167d194222bb1ef9926698

SHA512
223b0338eabf2198c86e7969065b699d0e2a6f28ec6094b58995e1dbac7c165d876e8ce4935da8057442aba48b73f06251aac8511ef6f085cc42d9d9e654a4d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe

Filesize
184KB

MD5
fea984d9f59951d918be2644d455fdc3

SHA1
ab8b6e169bcb1ae53b2b76a47104ad3cb49df6c7

SHA256
24a5fd5d5bd13db4e33dc9d929c8f75e1b4bd287fbe28c801bb78bbb49ef91aa

SHA512
d1dc8681aaa62cc792f70d66dfa364e8f4cfa6a290b6925fdb5814c5e95ee0d8600c158ebaf3be74f1dd6a6eed8d88d0c43b263f3eb6552650d73ec5fcfdb06c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe

Filesize
184KB

MD5
467f8b3b7a404ac99a8eff5c6142ff74

SHA1
35831bcd2b035198dfc14dff211b812c4a918082

SHA256
6e4e617fd5f23e779b9ef7a8a562378cace724a673738d10f71c626edf5ee70d

SHA512
e3c35ad82fcba7a138eaef1b03de70280cb85281800b3f34ac89a57ad0f597cb56d6a59717b8220b4b7322a07c33ecddf6e784e01e9dbd8b4a6ebbbf0821dd00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31818.exe

Filesize
184KB

MD5
3bd947cc4ab2a6d024ffe202af22ac1a

SHA1
f006bba38c7ef63d8f799e61f5fc43526c433c59

SHA256
64a979d33b37b275b470fa87e78c8ae05dfe28835e31597d6ec533d337ecdef8

SHA512
cf9e4ba1dffda29713e59a64e70b4cbb3f30557d75c47f470d607c12cef36c5926d6ed1b5b595b7b5eb6a2b7ed2cb2d3ee9148d2e47cc7c7f1e023b0e20baceb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe

Filesize
184KB

MD5
b70622d606e44c56893e34b00599a544

SHA1
8b3b184861acf2d73a8c8aa5c78112fdf7d8daaa

SHA256
abce600dfa0cee86060701bcfd6640984a542e003d6a4c1d4bc4a77be7181aba

SHA512
819632aa106207dc02855777784730eb00384d262b183d215f1b3ac646bb7d5a2a80cc18cc52aebe187318c0ad9da69c2de5b63b24dc0634244045addb9a18f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe

Filesize
184KB

MD5
bb10e2c4e2e40d8fcfdc88614246cd38

SHA1
baffed6c91578b64b88231d70ee094c8d607cb8b

SHA256
eba02c3b4641583815ebee776552c722fe0d7d86435d9cb468996f9d5fe561c4

SHA512
fe47b5e00cc8a2ff3726b682781edb0c58ca882835d46c628b0ce5b6816c94f36def0696ae0318578d7bf1254df208c8db6b635a4cf2b04394ba0c52721ddc83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61044.exe

Filesize
184KB

MD5
4e2bf593523275ee5be67eb37809d48c

SHA1
00c8c48f97b5317e4162226c30a1c1d31a380d8b

SHA256
d672b653cf1bda437e8c346b8cbf88c64baf9e90ed0e94b3cd7eb03bd03207f5

SHA512
912f052fd65cb2ec8f2c7e3bd8b4ce7d8c357b5704b2f277250910c761ad725b2c7631eb7b3d7439af3aee84dc201d2e86b2e56f57a46b7d0904afb7d26e48e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7550.exe

Filesize
184KB

MD5
0ac8158b570503c6a7a008c0a50e5c4f

SHA1
29258be69ca28dedf93ce4ba311f0083a8cb9a5c

SHA256
67de7452fad560022a669abd142777657482b5f571b361688ff659d2261540a0

SHA512
b5e3198d2f5c5a532d6969edd48b9d6b774c523e138754457769062e45856beb1085bd9ee96b810d447606c68faeca6e0bf6c46fc0e2fe0bb9c43f15dc054b6c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads