be5e96e289591075528218152ad723f20fe406a59e9aa7a05c4d299c6f5d6264

Analysis

max time kernel
146s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
Size

184KB
MD5

2c04dfa294029bc0e834111338c55630
SHA1

a5230ad2ef010216199953bbc40c20658db898d4
SHA256

be5e96e289591075528218152ad723f20fe406a59e9aa7a05c4d299c6f5d6264
SHA512

c15c23c53d3cb047e9eaf8d129218c2826595cc6a2596cde269874310fe55f6fe29a8ab44ff92a4bf1be75d70b6fbccf486d22a7e7a06ea925d86ed20e5f2030
SSDEEP

3072:UnfEUgolNpw5DR1YeUqpHXjACYQasgtE+BlOCqvUuIhlnVOFknr:UnEomZR1TRXjAd7i4hlnVOFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2224	Unicorn-15321.exe
2124	Unicorn-20805.exe
2572	Unicorn-939.exe
2720	Unicorn-44531.exe
2600	Unicorn-48293.exe
2740	Unicorn-2621.exe
2792	Unicorn-56140.exe
2812	Unicorn-21007.exe
2932	Unicorn-57100.exe
1740	Unicorn-21967.exe
1676	Unicorn-41833.exe
1552	Unicorn-52962.exe
1704	Unicorn-32904.exe
2884	Unicorn-20098.exe
2256	Unicorn-17794.exe
2328	Unicorn-17794.exe
536	Unicorn-13771.exe
1812	Unicorn-38256.exe
1560	Unicorn-22989.exe
1072	Unicorn-3123.exe
2092	Unicorn-6159.exe
1608	Unicorn-51639.exe
1636	Unicorn-30384.exe
1700	Unicorn-43382.exe
1332	Unicorn-63248.exe
568	Unicorn-58458.exe
1132	Unicorn-26246.exe
2928	Unicorn-41705.exe
2752	Unicorn-6188.exe
2648	Unicorn-21839.exe
340	Unicorn-21647.exe
2668	Unicorn-9224.exe
2656	Unicorn-9032.exe
2760	Unicorn-7148.exe
2480	Unicorn-42281.exe
2488	Unicorn-9800.exe
2220	Unicorn-60070.exe
1756	Unicorn-60070.exe
2240	Unicorn-40204.exe
2788	Unicorn-51030.exe
2852	Unicorn-5358.exe
2308	Unicorn-60283.exe
2052	Unicorn-60631.exe
2832	Unicorn-47180.exe
2524	Unicorn-2084.exe
2288	Unicorn-34949.exe
1168	Unicorn-29914.exe
2432	Unicorn-55810.exe
1084	Unicorn-17492.exe
2336	Unicorn-5924.exe
1880	Unicorn-5924.exe
1976	Unicorn-23906.exe
1032	Unicorn-19499.exe
1068	Unicorn-39365.exe
3032	Unicorn-30490.exe
2044	Unicorn-50356.exe
1416	Unicorn-36712.exe
2076	Unicorn-36712.exe
1624	Unicorn-52556.exe
3044	Unicorn-6884.exe
3056	Unicorn-57154.exe
2984	Unicorn-25453.exe
1468	Unicorn-11145.exe
2116	Unicorn-56397.exe

Loads dropped DLL 64 IoCs

pid	Process
2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
2224	Unicorn-15321.exe
2224	Unicorn-15321.exe
2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
2124	Unicorn-20805.exe
2124	Unicorn-20805.exe
2224	Unicorn-15321.exe
2224	Unicorn-15321.exe
2572	Unicorn-939.exe
2572	Unicorn-939.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2720	Unicorn-44531.exe
2720	Unicorn-44531.exe
2124	Unicorn-20805.exe
2124	Unicorn-20805.exe
2740	Unicorn-2621.exe
2740	Unicorn-2621.exe
2572	Unicorn-939.exe
2572	Unicorn-939.exe
2600	Unicorn-48293.exe
2600	Unicorn-48293.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
1568	WerFault.exe
2792	Unicorn-56140.exe
2792	Unicorn-56140.exe
2720	Unicorn-44531.exe
2720	Unicorn-44531.exe
2812	Unicorn-21007.exe
2812	Unicorn-21007.exe
1676	Unicorn-41833.exe
1740	Unicorn-21967.exe
1676	Unicorn-41833.exe
1740	Unicorn-21967.exe
2600	Unicorn-48293.exe
2600	Unicorn-48293.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
600	WerFault.exe
600	WerFault.exe
600	WerFault.exe
600	WerFault.exe
600	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe
3052	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2596	2388	WerFault.exe	27
2636	2224	WerFault.exe	28
1568	2124	WerFault.exe	30
2780	2572	WerFault.exe	29
764	2720	WerFault.exe	32
600	2740	WerFault.exe	34
3052	2600	WerFault.exe	33
1152	2792	WerFault.exe	36
2324	2812	WerFault.exe	37
896	2932	WerFault.exe	38
2208	1676	WerFault.exe	40
2180	1740	WerFault.exe	39
1464	1552	WerFault.exe	43
2440	1704	WerFault.exe	44
1904	2884	WerFault.exe	45
2348	2328	WerFault.exe	47
1600	2256	WerFault.exe	46
2096	536	WerFault.exe	48
2652	2092	WerFault.exe	55
2464	1560	WerFault.exe	53
2584	1812	WerFault.exe	52
2516	1072	WerFault.exe	54
2816	1608	WerFault.exe	56
2844	1332	WerFault.exe	59
1264	1636	WerFault.exe	57
1640	1700	WerFault.exe	58
2040	568	WerFault.exe	60
2824	1132	WerFault.exe	66
408	2928	WerFault.exe	67
1040	2668	WerFault.exe	71
1424	2752	WerFault.exe	68
1340	2648	WerFault.exe	69
2936	340	WerFault.exe	70
2616	2760	WerFault.exe	73
2380	2220	WerFault.exe	77
1776	2488	WerFault.exe	75
2764	2480	WerFault.exe	74
592	2656	WerFault.exe	72
1176	1756	WerFault.exe	78
940	2852	WerFault.exe	80
1944	2788	WerFault.exe	79
820	2240	WerFault.exe	76
3744	2892	WerFault.exe	136
3416	1548	WerFault.exe	87
3448	2308	WerFault.exe	88
3712	2052	WerFault.exe	89
3740	2832	WerFault.exe	90
3804	1168	WerFault.exe	93
3824	2044	WerFault.exe	102
3864	3044	WerFault.exe	106
3888	1976	WerFault.exe	98
3916	1084	WerFault.exe	95
3928	2076	WerFault.exe	104
3960	1624	WerFault.exe	105
4048	1032	WerFault.exe	99
3076	2524	WerFault.exe	91
3128	2432	WerFault.exe	94
3144	2288	WerFault.exe	92
3312	1068	WerFault.exe	100
3408	3032	WerFault.exe	101
3524	3056	WerFault.exe	107
3676	1880	WerFault.exe	96
3172	1416	WerFault.exe	103
3484	2336	WerFault.exe	97

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
2224	Unicorn-15321.exe
2124	Unicorn-20805.exe
2572	Unicorn-939.exe
2720	Unicorn-44531.exe
2600	Unicorn-48293.exe
2740	Unicorn-2621.exe
2792	Unicorn-56140.exe
2812	Unicorn-21007.exe
1676	Unicorn-41833.exe
2932	Unicorn-57100.exe
1740	Unicorn-21967.exe
1552	Unicorn-52962.exe
1704	Unicorn-32904.exe
2884	Unicorn-20098.exe
2328	Unicorn-17794.exe
536	Unicorn-13771.exe
2256	Unicorn-17794.exe
1812	Unicorn-38256.exe
1560	Unicorn-22989.exe
1072	Unicorn-3123.exe
2092	Unicorn-6159.exe
1608	Unicorn-51639.exe
1636	Unicorn-30384.exe
1700	Unicorn-43382.exe
1332	Unicorn-63248.exe
568	Unicorn-58458.exe
2928	Unicorn-41705.exe
2648	Unicorn-21839.exe
2752	Unicorn-6188.exe
2668	Unicorn-9224.exe
340	Unicorn-21647.exe
2656	Unicorn-9032.exe
2760	Unicorn-7148.exe
2480	Unicorn-42281.exe
2220	Unicorn-60070.exe
2488	Unicorn-9800.exe
1756	Unicorn-60070.exe
2240	Unicorn-40204.exe
2788	Unicorn-51030.exe
2852	Unicorn-5358.exe
1548	Unicorn-29687.exe
2308	Unicorn-60283.exe
2052	Unicorn-60631.exe
2832	Unicorn-47180.exe
2524	Unicorn-2084.exe
2288	Unicorn-34949.exe
1168	Unicorn-29914.exe
2432	Unicorn-55810.exe
1880	Unicorn-5924.exe
1084	Unicorn-17492.exe
2336	Unicorn-5924.exe
1976	Unicorn-23906.exe
1032	Unicorn-19499.exe
1068	Unicorn-39365.exe
2044	Unicorn-50356.exe
2076	Unicorn-36712.exe
3032	Unicorn-30490.exe
1416	Unicorn-36712.exe
1624	Unicorn-52556.exe
3044	Unicorn-6884.exe
3056	Unicorn-57154.exe
2984	Unicorn-25453.exe
2800	Unicorn-55857.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2224	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	28
PID 2388 wrote to memory of 2224	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	28
PID 2388 wrote to memory of 2224	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	28
PID 2388 wrote to memory of 2224	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	28
PID 2224 wrote to memory of 2124	2224	Unicorn-15321.exe	30
PID 2224 wrote to memory of 2124	2224	Unicorn-15321.exe	30
PID 2224 wrote to memory of 2124	2224	Unicorn-15321.exe	30
PID 2224 wrote to memory of 2124	2224	Unicorn-15321.exe	30
PID 2388 wrote to memory of 2572	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	29
PID 2388 wrote to memory of 2572	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	29
PID 2388 wrote to memory of 2572	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	29
PID 2388 wrote to memory of 2572	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	29
PID 2388 wrote to memory of 2596	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	31
PID 2388 wrote to memory of 2596	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	31
PID 2388 wrote to memory of 2596	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	31
PID 2388 wrote to memory of 2596	2388	2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe	31
PID 2124 wrote to memory of 2720	2124	Unicorn-20805.exe	32
PID 2124 wrote to memory of 2720	2124	Unicorn-20805.exe	32
PID 2124 wrote to memory of 2720	2124	Unicorn-20805.exe	32
PID 2124 wrote to memory of 2720	2124	Unicorn-20805.exe	32
PID 2224 wrote to memory of 2600	2224	Unicorn-15321.exe	33
PID 2224 wrote to memory of 2600	2224	Unicorn-15321.exe	33
PID 2224 wrote to memory of 2600	2224	Unicorn-15321.exe	33
PID 2224 wrote to memory of 2600	2224	Unicorn-15321.exe	33
PID 2572 wrote to memory of 2740	2572	Unicorn-939.exe	34
PID 2572 wrote to memory of 2740	2572	Unicorn-939.exe	34
PID 2572 wrote to memory of 2740	2572	Unicorn-939.exe	34
PID 2572 wrote to memory of 2740	2572	Unicorn-939.exe	34
PID 2224 wrote to memory of 2636	2224	Unicorn-15321.exe	35
PID 2224 wrote to memory of 2636	2224	Unicorn-15321.exe	35
PID 2224 wrote to memory of 2636	2224	Unicorn-15321.exe	35
PID 2224 wrote to memory of 2636	2224	Unicorn-15321.exe	35
PID 2720 wrote to memory of 2792	2720	Unicorn-44531.exe	36
PID 2720 wrote to memory of 2792	2720	Unicorn-44531.exe	36
PID 2720 wrote to memory of 2792	2720	Unicorn-44531.exe	36
PID 2720 wrote to memory of 2792	2720	Unicorn-44531.exe	36
PID 2124 wrote to memory of 2812	2124	Unicorn-20805.exe	37
PID 2124 wrote to memory of 2812	2124	Unicorn-20805.exe	37
PID 2124 wrote to memory of 2812	2124	Unicorn-20805.exe	37
PID 2124 wrote to memory of 2812	2124	Unicorn-20805.exe	37
PID 2740 wrote to memory of 2932	2740	Unicorn-2621.exe	38
PID 2740 wrote to memory of 2932	2740	Unicorn-2621.exe	38
PID 2740 wrote to memory of 2932	2740	Unicorn-2621.exe	38
PID 2740 wrote to memory of 2932	2740	Unicorn-2621.exe	38
PID 2572 wrote to memory of 1740	2572	Unicorn-939.exe	39
PID 2572 wrote to memory of 1740	2572	Unicorn-939.exe	39
PID 2572 wrote to memory of 1740	2572	Unicorn-939.exe	39
PID 2572 wrote to memory of 1740	2572	Unicorn-939.exe	39
PID 2600 wrote to memory of 1676	2600	Unicorn-48293.exe	40
PID 2600 wrote to memory of 1676	2600	Unicorn-48293.exe	40
PID 2600 wrote to memory of 1676	2600	Unicorn-48293.exe	40
PID 2600 wrote to memory of 1676	2600	Unicorn-48293.exe	40
PID 2124 wrote to memory of 1568	2124	Unicorn-20805.exe	41
PID 2124 wrote to memory of 1568	2124	Unicorn-20805.exe	41
PID 2124 wrote to memory of 1568	2124	Unicorn-20805.exe	41
PID 2124 wrote to memory of 1568	2124	Unicorn-20805.exe	41
PID 2572 wrote to memory of 2780	2572	Unicorn-939.exe	42
PID 2572 wrote to memory of 2780	2572	Unicorn-939.exe	42
PID 2572 wrote to memory of 2780	2572	Unicorn-939.exe	42
PID 2572 wrote to memory of 2780	2572	Unicorn-939.exe	42
PID 2792 wrote to memory of 1552	2792	Unicorn-56140.exe	43
PID 2792 wrote to memory of 1552	2792	Unicorn-56140.exe	43
PID 2792 wrote to memory of 1552	2792	Unicorn-56140.exe	43
PID 2792 wrote to memory of 1552	2792	Unicorn-56140.exe	43

C:\Users\Admin\AppData\Local\Temp\2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2c04dfa294029bc0e834111338c55630_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9224.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        10⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43759.exe
        11⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        12⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
        13⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        14⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        15⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
        15⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
        14⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        13⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        12⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43052.exe
        10⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        11⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60233.exe
        12⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        13⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        14⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
        14⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        13⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        12⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        11⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        10⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23350.exe
        9⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
        11⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        12⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        13⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38840.exe
        14⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        14⤵
        
        PID:12800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 220
        13⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        12⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        11⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
        11⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        12⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        13⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        12⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        11⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        10⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        9⤵
        Program crash
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        10⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        11⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45220.exe
        12⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23820.exe
        13⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
        14⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        15⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
        14⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        13⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        12⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        11⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        12⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        13⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36300.exe
        14⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
        13⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        12⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
        11⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22154.exe
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
        11⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58604.exe
        12⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        13⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        13⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        12⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        11⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        9⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        8⤵
        Program crash
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17492.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        9⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
        12⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6769.exe
        13⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
        13⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        12⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        11⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        9⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51517.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        11⤵
        
        PID:6184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        12⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3340.exe
        13⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
        14⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
        13⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 236
        12⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 220
        11⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        10⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        9⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        8⤵
        Program crash
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        7⤵
        Program crash
        
        PID:1464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        6⤵
        Program crash
        
        PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56397.exe
        9⤵
        Executes dropped EXE
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34008.exe
        10⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe
        11⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        12⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        13⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        14⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        14⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        13⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        12⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        11⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        10⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62739.exe
        11⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
        13⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        13⤵
        
        PID:11880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        12⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        11⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        10⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        9⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        11⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        12⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 220
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        12⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
        10⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11960.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51673.exe
        11⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        12⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        13⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 220
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        11⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        10⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        9⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        8⤵
        Program crash
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        8⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
        12⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        13⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43622.exe
        14⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 204
        13⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29340.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
        11⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        12⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
        12⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 220
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17660.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40597.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        12⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        11⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        9⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        8⤵
        Program crash
        
        PID:3740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        7⤵
        Program crash
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61001.exe
        10⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        11⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22238.exe
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 220
        11⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        9⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        11⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46487.exe
        12⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        13⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
        12⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 220
        11⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        10⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        11⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        11⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        10⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 220
        9⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        8⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
        7⤵
        Program crash
        
        PID:2936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        6⤵
        Program crash
        
        PID:2440
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
        7⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50011.exe
        12⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        13⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        14⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        15⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        15⤵
        
        PID:11972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        14⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        13⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        12⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21907.exe
        13⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        14⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        15⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
        14⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        13⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 240
        12⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        11⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4724.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        11⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        12⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        13⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        14⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        13⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 236
        12⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        11⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
        10⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26529.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9497.exe
        11⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe
        13⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        14⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        13⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        12⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        10⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        9⤵
        Program crash
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55857.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        9⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        10⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20733.exe
        11⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58872.exe
        12⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        13⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58053.exe
        14⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        13⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
        12⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        11⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
        10⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
        12⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2142.exe
        13⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 236
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        9⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        8⤵
        Program crash
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60283.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        8⤵
        Executes dropped EXE
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        10⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        11⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        12⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        13⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
        13⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 220
        12⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        11⤵
        
        PID:7624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        10⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46815.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34154.exe
        11⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        12⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
        12⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        9⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        8⤵
        Program crash
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        7⤵
        Program crash
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62293.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        12⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
        13⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 204
        13⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        12⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
        10⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        12⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 204
        12⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        11⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 220
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        8⤵
        Program crash
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        10⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        11⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37049.exe
        12⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44104.exe
        13⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        11⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        9⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        8⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        7⤵
        Program crash
        
        PID:1340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        6⤵
        Program crash
        
        PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
        11⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51880.exe
        12⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
        12⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
        11⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 220
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        10⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
        9⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        8⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
        7⤵
        Program crash
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59382.exe
        11⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 204
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        10⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        9⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        8⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        7⤵
        Program crash
        
        PID:3408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        5⤵
        Program crash
        
        PID:2324
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        11⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        12⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        13⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        14⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 204
        14⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 220
        13⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 220
        12⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
        10⤵
        
        PID:5096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        12⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        13⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 236
        13⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        12⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        11⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        9⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19684.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11761.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61192.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9851.exe
        11⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        12⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        11⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
        9⤵
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        8⤵
        Program crash
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22337.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        11⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
        12⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23342.exe
        12⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        13⤵
        
        PID:12656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
        13⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 220
        12⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7545.exe
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        10⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8227.exe
        12⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
        13⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 204
        12⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        11⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        10⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
        10⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        11⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
        12⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        11⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        10⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        9⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
        8⤵
        Program crash
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54625.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        10⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10590.exe
        11⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13266.exe
        12⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
        13⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 204
        13⤵
        
        PID:11480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
        11⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
        11⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8620.exe
        12⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
        12⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        11⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 220
        10⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 220
        8⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52549.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
        11⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 216
        12⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        10⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57955.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9246.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
        10⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        11⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        10⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        8⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        7⤵
        Program crash
        
        PID:820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        6⤵
        Program crash
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        11⤵
        
        PID:9112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 240
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        9⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        7⤵
        Program crash
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25683.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        12⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        12⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 220
        11⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 220
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        11⤵
        
        PID:11940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
        11⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        9⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43795.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        10⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        11⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 204
        11⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
        10⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        8⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
        7⤵
        Program crash
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        6⤵
        Program crash
        
        PID:2040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        5⤵
        Program crash
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
        6⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        9⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
        8⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
        7⤵
        
        PID:4000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        6⤵
        Program crash
        
        PID:1424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        5⤵
        Program crash
        
        PID:2096
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12046.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6945.exe
        12⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        13⤵
        
        PID:11392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
        14⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
        13⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
        11⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11724.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61193.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
        11⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 204
        12⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        11⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 220
        8⤵
        Program crash
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        7⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15241.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        10⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        11⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
        12⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        11⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        10⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48959.exe
        10⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
        10⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
        11⤵
        
        PID:12256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47249.exe
        12⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 220
        11⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 220
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 220
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        7⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20849.exe
        9⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        10⤵
        
        PID:9932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
        11⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
        11⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        9⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        8⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        7⤵
        Program crash
        
        PID:3172
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        6⤵
        Program crash
        
        PID:2516
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        5⤵
        Program crash
        
        PID:896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60780.exe
        9⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 220
        10⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55034.exe
        11⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        12⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 220
        12⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20966.exe
        11⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 208
        12⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        11⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        8⤵
        Program crash
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49206.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        11⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
        12⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        10⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        9⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        10⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        11⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 220
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        8⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        7⤵
        Program crash
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38235.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61784.exe
        10⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61780.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        12⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
        11⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        10⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        9⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        8⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        6⤵
        Program crash
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38765.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9659.exe
        11⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29000.exe
        12⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
        13⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        11⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        10⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        9⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27468.exe
        10⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
        11⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 204
        11⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        10⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        9⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        8⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22750.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        10⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        11⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        12⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        11⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        10⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        8⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        7⤵
        Program crash
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
        6⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63660.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        8⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        9⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        10⤵
        
        PID:8276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27656.exe
        11⤵
        
        PID:10960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
        12⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
        11⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        10⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
        9⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        7⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49828.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        9⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32704.exe
        10⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        10⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        9⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        8⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        7⤵
        
        PID:5188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        5⤵
        Program crash
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45278.exe
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38925.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40464.exe
        11⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52072.exe
        12⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        8⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26959.exe
        9⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        10⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
        11⤵
        
        PID:12360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4348.exe
        12⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
        11⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
        10⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        9⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
        6⤵
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        6⤵
        Program crash
        
        PID:2380
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        5⤵
        Program crash
        
        PID:1640
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
      4⤵
      Program crash
      PID:2180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
  2⤵
  - Program crash
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe

Filesize
184KB

MD5
93f424f0babca0c9660271c9074d5931

SHA1
7e3512876de092e8885600364ce9db204661d29a

SHA256
f8d5d74cae1e1065a8ca1c52d9da187e972ffae4dfb65f8f5cab33679659c7aa

SHA512
2de8c087e061e09f849f08d30c7769a695d39e4541c22546bbece5e6180b57fcb5a1c9173ca11c69b2f4de79998c0a872811a72feebcb612e9f8c76b2af71f16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe

Filesize
184KB

MD5
3762365a8114a56fcc7c7c27112d87c1

SHA1
7ec4c4ee0336b4712bc4a912b5679435950464eb

SHA256
3dfdcf0caa1710f01e72ed1ccebb6dc1e51fff78305d6d7f77bb0f358148dc82

SHA512
89216f1438e6df6e099011f3fe1fa1a2f41bd346da1ccc4739c554812dc0de9f0876dfe8b746c0ff27f451cfc63794ffa8cb357d174c839af2df465947ad31f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40204.exe

Filesize
184KB

MD5
0c989b1e75987411472c4ba6cc7a22c0

SHA1
9ef66ba17b50ea332342596211d7777f7a68b1ef

SHA256
af75b4f796a3b42ee48f73f68f4ab5a8ef2794fd282040580adc9e59203b93e2

SHA512
63bb6c4d9db4873ca876ba173b11cad058a169cdf77fb9b6a57c0faa2b96cbf31f058bf7a9972e12345c2a1cec3d51537a2a4616df536ad3997448308934aabb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40914.exe

Filesize
184KB

MD5
d24bae7c44b1e8bb190fffe4233a15f1

SHA1
ade76c33466f26ad0160b73238272090b2645ace

SHA256
c834a5942e551bd8cd236355729ce8c7a625c7a3d4b854addb7ecdb00fdec0a7

SHA512
ff84209cedeeccc0ec707733a2f55ba675a54d83fcefc32918b9da965c6e9543dad47e3440530bc9865940ee3afc3fed402d8fbcd9490a66e9de74cf5be5cda9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe

Filesize
184KB

MD5
afa448811d4b807515e29d68805eafe4

SHA1
9b38e4ace4c4eb3e6249b5bb88a9151e6b6e2883

SHA256
93d623926bf6afbe09e695c649af628c1b48562508116189806e5d93cb2ce9c5

SHA512
ff4f58df4b75b60bbc101b4db583b81c77dd5931ca8177db6292d9d429bd9c50f1fdb99d1b1923ea8a6a923382dbf1d689d82b28a815ba24d8da9ed69dd78fd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56303.exe

Filesize
184KB

MD5
f6373e391301c848e71efcfd11965295

SHA1
d4cf1de0a11e0bd11bdbd6663afc94e24e31bada

SHA256
f9858782750773b882f7f71496766fd5fc68116119478b99547a1050287205aa

SHA512
10101d95ecc9a32ae3c389d203480009f5e8699851afc8c8360e4b0b8175b14a44d011f4620235fbd544cbf5a08420b16c6867cfd4b2a67dcd6165dc22e4551e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56644.exe

Filesize
184KB

MD5
fb01d69a11150b3a37b73396f0e99a8b

SHA1
3be642e8934e88d4308db6f898292ced4afab78e

SHA256
30496217c0f48254af66a6f12dbff6f94089cd80176f45826b20056b0c6ef446

SHA512
0833e5e20a3a7211a55eef9eccccb4b2cb5969581f8d572c66bf84764492ffcc58aca40a74092b225607260a1f5f756fbaebcfb3620292e528aed539643096e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe

Filesize
184KB

MD5
706b4442d608a01145486882c8314efb

SHA1
75691fc70eaa98fb490e168d652870a9eb0613c5

SHA256
ecf3d683689ee0c349b931da7e72686bc557075913da8b8ac25ed4f284159daa

SHA512
96f36b91f527fb01d50cd66ba38edd31dec938a1728df787264f4e56678c74b4cba69003c5ed76c179fbc9a890c2e9b369c8df58935bbab0c77450196587e2f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5900.exe

Filesize
184KB

MD5
ba2fc8153838564ea32715723d17ca7f

SHA1
da10332036a250f919d43f13139e246841c336f5

SHA256
718c6b4c45d2d53acebee1b82da4413c9144e8eceadf550f9d0ac8b1ea77879b

SHA512
2d8672d185f7e839f57ca1a907fb8d337791264e878bc956e20b19b3f1b940431e712ebfb6f22af43a1fb3fc08a1c3bd428b9264c348cab5216d4bd9abca0f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe

Filesize
184KB

MD5
5ed5e7b389061fc119ccc7f3779af32f

SHA1
acb33e36b8617df14475e1a38ceb83e5e5519c40

SHA256
338c661b988d25349e5527378c2ecc7d7490d38d4cf5c3cd573e318359dc5a11

SHA512
312b0aaffaa8581c19fe42f2e2efef35fffc567821b5b65e6e0dcd0162cd76a621949a9ecf75dd0a875999fe0731272e219710e091c8b33274df495069faad80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe

Filesize
184KB

MD5
1086704db95fad7102aa6a5681220e25

SHA1
02b7c10af2684cb414f19949edb61b2911f899bb

SHA256
f53f784e7f641a46b26cb219f0e7c965a36030a1815c88daa18ebef5dc9b309f

SHA512
b01d569564faba7fc67ed306b8494805df35dffe0e8e03a64ec26f9b002676cafbed628d8a59d675313437328bc9742977159ead30ab7a1987beedfe02b2a099

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe

Filesize
184KB

MD5
6de822ef713140bc023db17726c186f4

SHA1
872c5a4bdaee4585ba5efcc6cb024ca9d933d359

SHA256
ba5a485f2e75a1e6f5dd81fa6ece4cf2855d83287f360eb1c2fbf29eeb1f521a

SHA512
fe553e6d1108c84249ac9de9acac6b861198912a722492ad1e1cb34d87e31ebad0365f856dbddfcbb9a7a90dfff639596dea69bcaf780a992da7ff0845bbe404

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe

Filesize
184KB

MD5
fd15903c62c67025e65087e39e373213

SHA1
8eac76419f3f7fd9453eab543ca02477dd654b9b

SHA256
6d1a226f7ac68c76868b7395d56c95bf00f646d25221f912085b2f0a79f2f18a

SHA512
2965d56d07e3398b9e27ce806e31ec346590fcd3e5e9bad59a67b9470d44f6cf703690191f0cf021d8d3c6d0e69874a812ecf705e3dbadcf6540c5b62a599ff7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15321.exe

Filesize
184KB

MD5
ef67bc72547ef4402f136fc39fd9fadd

SHA1
05fc4c7874773bbf2aa3009210b83bf0645dacad

SHA256
cecc9011a902726440ab9574a44f0cba037f2088829a5db841e463c475a8ca7a

SHA512
5c3b923a99a97f66b0105a5868a0d3bd13559ddb157717555c77328ad3d6b06a21dd788919c31db19fc58e662d42a7067a2cdaad065b9fa219ccab00cb316c0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe

Filesize
184KB

MD5
64320d8f37b2077d9abfce219994fe07

SHA1
aba5c90675c70b0722b604f86a099c30719fddd8

SHA256
a17174764283f26f93881a261e37a3799a58e3198f0da051b0385e0fc7b26bd8

SHA512
9e3e10455f9f3e8c9c9158b443dfa03ce79123ace0b62839487663138cd9953a03df1b4e22269c524f8a573d766d1b8876a56c03a95cc6517820365582062849

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20805.exe

Filesize
184KB

MD5
3fd6be4f8c06fa5d8e3b08264aa76dc2

SHA1
212f55d455bfd390569c1d08bda4fd533e6a660a

SHA256
8e980902e8c2a4a7c22f10894e2cc89e07538fe8d38f1fc97ed74bcd97741ee8

SHA512
b88877ac2b12c7e635188be96f0198516b0d4d20de4ee85ed1c9f45c846c8ff15dec5ede9cdbc828d94278ad8e399d55f3fd9fe2558ec50f028b3432b4531ac7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe

Filesize
184KB

MD5
d28e59df92e283ab108fef28a1bd1054

SHA1
a83ead10a540f8ef1658f1908509a2504220440b

SHA256
f66ec9e09175820884c1b4515eb1f9491e3e2bd1da0ee18215a056da65bc5661

SHA512
9bfeb25abb361d5c085f85bfa2cc1758fda826c25b3120db9b1ccf8ba243dc71b228cee8fd4f2590cf3cf41ee7dae47dea8107541933cd098898365ce4aae184

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe

Filesize
184KB

MD5
96d37f183f6734d2fa6c0bafb9f3a1f4

SHA1
631860ca61a7fbe28a6bdc8f2bce454d50c167b2

SHA256
369f5091496b386a07d7b53cfae4333c4b8a46aefaec4318a5ea98b78cfc626f

SHA512
17b171cdc9965260285fa778d34e8d7ad2c5d9dfa33e4b671cb92cfeea3b66110b1d465822da01ec7dba89b47bb6249dc6c568ee19e61d12cc610ef251697682

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe

Filesize
184KB

MD5
67e9d54edbf704c7273e522237975c97

SHA1
5b66679e7e0c8cff2d28b61e2f8c02f7f8a3765b

SHA256
fe117b1d7d9e9de0a4cc1b76ea3c1ab0921927f01634d19d0d8743e31a228bec

SHA512
8502930261480f794e8ffe06bf757c8f88f7871d1b66908c744b7e69df986e1617a63942e9c1d52f882a45012c4d35245c09b719193235afe80d3cec1b8e8449

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe

Filesize
184KB

MD5
1b0c377499b48f01b331bd895cd7a6e1

SHA1
ad73c979ff201865787dedaef6226cd97b708716

SHA256
c87b22992570500b41dfbd20706667e861ac5e79c8e4deaf999be7e07da285fb

SHA512
977c2a987877b835390abfed486649d5892c09f8b7b6164c37e02ddae61d859b74b835a13fda8a42b883c0687be3a38c1de8a1a945705fb8e8ed7f0c9277d88f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe

Filesize
184KB

MD5
b1cb025c26fafe00eb81e417301817db

SHA1
e6db1c9182e15685842fa178837b8ab85f131290

SHA256
f72525943355ebac0247ab4749e1335271f3d1768823c63c8b8bb9d66dce7c45

SHA512
6233ac7821abf9d2e2cc47cfeba22f548233284b005a8bd501d35155cc19185bc4aebf0c91aeb52695df1a86aab07e3c6980fa28dcc7b6d1f6474b6ac9a8e07d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48293.exe

Filesize
184KB

MD5
7bd793054b098de2a4eebc823441ee2b

SHA1
ac667e8dc1f3f3b8270acd29be7db640a2590b1d

SHA256
5c0954b1ab7e634db758e74fd62c6260745c8218af51752dd54b017a815b1daa

SHA512
c2726d25c89921d283c79f7686f370e5e6b8c12ffa6521bd0327f39cb9090572609f461f9c73806c91accc34b98489f546cfeaa7957ecd51a0b5a8b91da58d94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe

Filesize
184KB

MD5
3f34344462d8f7319f6e1bfcd0d4ecc8

SHA1
f4fc32850a0d03bebc285edb731a1d31aeabe136

SHA256
50cb4ac53c0520a00506f297587738521472db151f4c8f8d1428678b0f6dd65e

SHA512
497e5ae7af973a6fa57229b87269a9f8921bda64461b660727b35cd9bdf666cd1d40dd6a4c44436fcd999fb7654b4097971f5cb0d5f54ffa86bad32876909b93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe

Filesize
184KB

MD5
00706032e799606d3fe80fad4eb505b8

SHA1
5f27f29df33047eb469b3ef5694a87075bde4dd3

SHA256
9a41d62c0f788e49e2f3e00b0ea15afbb746987e250145a272690d614e2f2097

SHA512
1eb57b7bd568e17e2f6606116672f62e5a52c30c75689a46fb3e540321a9c3d8a4f61b63e4e4b5d01225654679821b9089ab16b5d6602c2244f92c774857abb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe

Filesize
184KB

MD5
69b63f9065b813a01d3e846dd2d94ae1

SHA1
7086c3d731c1062dd22a61158ad7ac35f48bbfc1

SHA256
837f53ab998c5ebc3ecf9ec9bd092a34477c3b20a1b15e1f378f781a0729f51c

SHA512
fc8f92e575edfdc9379e5be99d7b935c545a68baaf2eb544f67fc1b87667922178372675b56d36d0ae85f37303134bf0d0ca6258a8c01e79a81d491f07572938

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-939.exe

Filesize
184KB

MD5
b0452558c374cb1475f89bc5e0d94799

SHA1
48f79e20ca55643a4eaad1b3f5a50a9b596aa650

SHA256
ecbce5146f8857dff72911cbfe90b4586eb917408c965634c26b60356eb4a6bd

SHA512
ad1951eb7494b4903efdd8ad41dccff62edb55b990327e09002144ee3c3a13a7935672aed2f27ccb13a971c14aec46ced447fd5d2f2e9f4cc16a35e900f01602

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads