b9ab13e171f0aa223c6471ff67b590af9ace49c5433c0518938bde63c1ae0547

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
Size

184KB
MD5

b73a50fe77b8a4323046a8fa75f0f8a0
SHA1

ae6bee82a44e7043c9591b98b2ec2199133c8704
SHA256

b9ab13e171f0aa223c6471ff67b590af9ace49c5433c0518938bde63c1ae0547
SHA512

16dc22dd78b5216a5800f44afb6d206b5de6f9f53ea5cb4f24e74871cdebf3f01a2ba0f8aae171d3827788f6c38fb313d727818cb05bdbf0d214d8092b2f82b5
SSDEEP

3072:Oww388ofC4o5d4aWeNGLRGsvhlnViFFn3:Ow4o+34a+LksvhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2144	Unicorn-1900.exe
2252	Unicorn-38979.exe
2572	Unicorn-15029.exe
1976	Unicorn-40214.exe
2592	Unicorn-32600.exe
2640	Unicorn-60634.exe
1644	Unicorn-53701.exe
2824	Unicorn-29751.exe
2964	Unicorn-416.exe
2996	Unicorn-54256.exe
2780	Unicorn-18048.exe
1636	Unicorn-2266.exe
2016	Unicorn-30300.exe
2700	Unicorn-29231.exe
1056	Unicorn-58888.exe
2028	Unicorn-39022.exe
1096	Unicorn-14129.exe
1632	Unicorn-55717.exe
916	Unicorn-30466.exe
2436	Unicorn-6516.exe
1332	Unicorn-26382.exe
2012	Unicorn-50886.exe
920	Unicorn-43272.exe
1364	Unicorn-50886.exe
1920	Unicorn-63138.exe
1032	Unicorn-43272.exe
3052	Unicorn-3076.exe
1508	Unicorn-44664.exe
2376	Unicorn-64529.exe
1700	Unicorn-27581.exe
2256	Unicorn-3631.exe
2192	Unicorn-31665.exe
3048	Unicorn-45453.exe
2656	Unicorn-21503.exe
1828	Unicorn-336.exe
2736	Unicorn-891.exe
2784	Unicorn-891.exe
2524	Unicorn-12588.exe
2804	Unicorn-8504.exe
2480	Unicorn-16673.exe
2660	Unicorn-28925.exe
2836	Unicorn-4975.exe
2124	Unicorn-62235.exe
1528	Unicorn-30352.exe
1360	Unicorn-22738.exe
2164	Unicorn-50772.exe
1716	Unicorn-1571.exe
324	Unicorn-38328.exe
1848	Unicorn-54664.exe
1772	Unicorn-54664.exe
820	Unicorn-30714.exe
1048	Unicorn-51135.exe
848	Unicorn-51135.exe
2060	Unicorn-57679.exe
1540	Unicorn-1934.exe
1820	Unicorn-21800.exe
1028	Unicorn-29968.exe
2592	Unicorn-865.exe
2216	Unicorn-54472.exe
1824	Unicorn-54472.exe
1764	Unicorn-54472.exe
1580	Unicorn-42774.exe
3060	Unicorn-58556.exe
2260	Unicorn-38690.exe

Loads dropped DLL 64 IoCs

pid	Process
2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
2144	Unicorn-1900.exe
2144	Unicorn-1900.exe
2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
2252	Unicorn-38979.exe
2252	Unicorn-38979.exe
2144	Unicorn-1900.exe
2144	Unicorn-1900.exe
2572	Unicorn-15029.exe
2572	Unicorn-15029.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
1976	Unicorn-40214.exe
1976	Unicorn-40214.exe
2252	Unicorn-38979.exe
2252	Unicorn-38979.exe
2640	Unicorn-60634.exe
2640	Unicorn-60634.exe
2572	Unicorn-15029.exe
2572	Unicorn-15029.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
2352	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1420	WerFault.exe
1644	Unicorn-53701.exe
1644	Unicorn-53701.exe
1976	Unicorn-40214.exe
1976	Unicorn-40214.exe
2824	Unicorn-29751.exe
2824	Unicorn-29751.exe
2964	Unicorn-416.exe
2964	Unicorn-416.exe
2996	Unicorn-54256.exe
2996	Unicorn-54256.exe
2640	Unicorn-60634.exe
2640	Unicorn-60634.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
2780	Unicorn-18048.exe
2780	Unicorn-18048.exe
1644	Unicorn-53701.exe
1644	Unicorn-53701.exe
2016	Unicorn-30300.exe
2016	Unicorn-30300.exe
2824	Unicorn-29751.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2620	2208	WerFault.exe	27
2980	2144	WerFault.exe	28
2352	2252	WerFault.exe	29
1420	2572	WerFault.exe	30
112	1976	WerFault.exe	32
592	2640	WerFault.exe	34
752	1644	WerFault.exe	36
1696	2824	WerFault.exe	37
2356	2964	WerFault.exe	38
980	2996	WerFault.exe	39
1812	2780	WerFault.exe	42
1156	2016	WerFault.exe	44
2344	1636	WerFault.exe	43
1988	1056	WerFault.exe	46
1736	2700	WerFault.exe	45
1876	2376	WerFault.exe	65
2528	2028	WerFault.exe	47
1124	1828	WerFault.exe	72
3020	1096	WerFault.exe	50
2516	1632	WerFault.exe	51
2488	916	WerFault.exe	52
2512	1332	WerFault.exe	54
2540	2436	WerFault.exe	53
1088	1364	WerFault.exe	56
2652	2012	WerFault.exe	55
2944	920	WerFault.exe	58
2840	1032	WerFault.exe	59
768	1920	WerFault.exe	57
2112	3052	WerFault.exe	64
2892	1508	WerFault.exe	66
3004	1700	WerFault.exe	67
452	3048	WerFault.exe	70
1308	2256	WerFault.exe	68
2308	2192	WerFault.exe	69
2120	2480	WerFault.exe	78
3068	2836	WerFault.exe	79
2796	2656	WerFault.exe	71
2464	2660	WerFault.exe	77
772	2524	WerFault.exe	75
2688	2784	WerFault.exe	74
2676	2736	WerFault.exe	73
3532	1528	WerFault.exe	88
3548	2124	WerFault.exe	87
3560	2164	WerFault.exe	90
3580	1360	WerFault.exe	89
3648	1716	WerFault.exe	91
3680	1772	WerFault.exe	93
3704	1048	WerFault.exe	96
3716	848	WerFault.exe	97
3748	1848	WerFault.exe	94
3752	1820	WerFault.exe	100
3796	3060	WerFault.exe	109
3800	1764	WerFault.exe	106
3892	2060	WerFault.exe	98
3952	1028	WerFault.exe	101
3944	1824	WerFault.exe	105
4040	324	WerFault.exe	92
3396	2260	WerFault.exe	108
3392	2592	WerFault.exe	102
4152	1540	WerFault.exe	99
4184	2216	WerFault.exe	104
4720	820	WerFault.exe	95
4772	1580	WerFault.exe	107
4816	2576	WerFault.exe	134

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
2144	Unicorn-1900.exe
2252	Unicorn-38979.exe
2572	Unicorn-15029.exe
1976	Unicorn-40214.exe
2592	Unicorn-32600.exe
2640	Unicorn-60634.exe
1644	Unicorn-53701.exe
2824	Unicorn-29751.exe
2964	Unicorn-416.exe
2996	Unicorn-54256.exe
2780	Unicorn-18048.exe
1636	Unicorn-2266.exe
2016	Unicorn-30300.exe
2700	Unicorn-29231.exe
1056	Unicorn-58888.exe
2028	Unicorn-39022.exe
1096	Unicorn-14129.exe
1632	Unicorn-55717.exe
916	Unicorn-30466.exe
2436	Unicorn-6516.exe
1332	Unicorn-26382.exe
2012	Unicorn-50886.exe
920	Unicorn-43272.exe
1920	Unicorn-63138.exe
1364	Unicorn-50886.exe
1032	Unicorn-43272.exe
1508	Unicorn-44664.exe
2376	Unicorn-64529.exe
3052	Unicorn-3076.exe
1700	Unicorn-27581.exe
2256	Unicorn-3631.exe
2192	Unicorn-31665.exe
3048	Unicorn-45453.exe
2656	Unicorn-21503.exe
2784	Unicorn-891.exe
2736	Unicorn-891.exe
1828	Unicorn-336.exe
2524	Unicorn-12588.exe
2804	Unicorn-8504.exe
2660	Unicorn-28925.exe
2480	Unicorn-16673.exe
2836	Unicorn-4975.exe
2124	Unicorn-62235.exe
1528	Unicorn-30352.exe
1360	Unicorn-22738.exe
2164	Unicorn-50772.exe
1716	Unicorn-1571.exe
324	Unicorn-38328.exe
1848	Unicorn-54664.exe
1772	Unicorn-54664.exe
1048	Unicorn-51135.exe
820	Unicorn-30714.exe
848	Unicorn-51135.exe
2060	Unicorn-57679.exe
1820	Unicorn-21800.exe
1540	Unicorn-1934.exe
2592	Unicorn-865.exe
1028	Unicorn-29968.exe
2216	Unicorn-54472.exe
1764	Unicorn-54472.exe
1824	Unicorn-54472.exe
1580	Unicorn-42774.exe
2260	Unicorn-38690.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2144	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	28
PID 2208 wrote to memory of 2144	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	28
PID 2208 wrote to memory of 2144	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	28
PID 2208 wrote to memory of 2144	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	28
PID 2144 wrote to memory of 2252	2144	Unicorn-1900.exe	29
PID 2144 wrote to memory of 2252	2144	Unicorn-1900.exe	29
PID 2144 wrote to memory of 2252	2144	Unicorn-1900.exe	29
PID 2144 wrote to memory of 2252	2144	Unicorn-1900.exe	29
PID 2208 wrote to memory of 2572	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	30
PID 2208 wrote to memory of 2572	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	30
PID 2208 wrote to memory of 2572	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	30
PID 2208 wrote to memory of 2572	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	30
PID 2208 wrote to memory of 2620	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	31
PID 2208 wrote to memory of 2620	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	31
PID 2208 wrote to memory of 2620	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	31
PID 2208 wrote to memory of 2620	2208	b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe	31
PID 2252 wrote to memory of 1976	2252	Unicorn-38979.exe	32
PID 2252 wrote to memory of 1976	2252	Unicorn-38979.exe	32
PID 2252 wrote to memory of 1976	2252	Unicorn-38979.exe	32
PID 2252 wrote to memory of 1976	2252	Unicorn-38979.exe	32
PID 2144 wrote to memory of 2592	2144	Unicorn-1900.exe	33
PID 2144 wrote to memory of 2592	2144	Unicorn-1900.exe	33
PID 2144 wrote to memory of 2592	2144	Unicorn-1900.exe	33
PID 2144 wrote to memory of 2592	2144	Unicorn-1900.exe	33
PID 2572 wrote to memory of 2640	2572	Unicorn-15029.exe	34
PID 2572 wrote to memory of 2640	2572	Unicorn-15029.exe	34
PID 2572 wrote to memory of 2640	2572	Unicorn-15029.exe	34
PID 2572 wrote to memory of 2640	2572	Unicorn-15029.exe	34
PID 2144 wrote to memory of 2980	2144	Unicorn-1900.exe	35
PID 2144 wrote to memory of 2980	2144	Unicorn-1900.exe	35
PID 2144 wrote to memory of 2980	2144	Unicorn-1900.exe	35
PID 2144 wrote to memory of 2980	2144	Unicorn-1900.exe	35
PID 1976 wrote to memory of 1644	1976	Unicorn-40214.exe	36
PID 1976 wrote to memory of 1644	1976	Unicorn-40214.exe	36
PID 1976 wrote to memory of 1644	1976	Unicorn-40214.exe	36
PID 1976 wrote to memory of 1644	1976	Unicorn-40214.exe	36
PID 2252 wrote to memory of 2824	2252	Unicorn-38979.exe	37
PID 2252 wrote to memory of 2824	2252	Unicorn-38979.exe	37
PID 2252 wrote to memory of 2824	2252	Unicorn-38979.exe	37
PID 2252 wrote to memory of 2824	2252	Unicorn-38979.exe	37
PID 2640 wrote to memory of 2964	2640	Unicorn-60634.exe	38
PID 2640 wrote to memory of 2964	2640	Unicorn-60634.exe	38
PID 2640 wrote to memory of 2964	2640	Unicorn-60634.exe	38
PID 2640 wrote to memory of 2964	2640	Unicorn-60634.exe	38
PID 2572 wrote to memory of 2996	2572	Unicorn-15029.exe	39
PID 2572 wrote to memory of 2996	2572	Unicorn-15029.exe	39
PID 2572 wrote to memory of 2996	2572	Unicorn-15029.exe	39
PID 2572 wrote to memory of 2996	2572	Unicorn-15029.exe	39
PID 2252 wrote to memory of 2352	2252	Unicorn-38979.exe	40
PID 2252 wrote to memory of 2352	2252	Unicorn-38979.exe	40
PID 2252 wrote to memory of 2352	2252	Unicorn-38979.exe	40
PID 2252 wrote to memory of 2352	2252	Unicorn-38979.exe	40
PID 2572 wrote to memory of 1420	2572	Unicorn-15029.exe	41
PID 2572 wrote to memory of 1420	2572	Unicorn-15029.exe	41
PID 2572 wrote to memory of 1420	2572	Unicorn-15029.exe	41
PID 2572 wrote to memory of 1420	2572	Unicorn-15029.exe	41
PID 1644 wrote to memory of 2780	1644	Unicorn-53701.exe	42
PID 1644 wrote to memory of 2780	1644	Unicorn-53701.exe	42
PID 1644 wrote to memory of 2780	1644	Unicorn-53701.exe	42
PID 1644 wrote to memory of 2780	1644	Unicorn-53701.exe	42
PID 1976 wrote to memory of 1636	1976	Unicorn-40214.exe	43
PID 1976 wrote to memory of 1636	1976	Unicorn-40214.exe	43
PID 1976 wrote to memory of 1636	1976	Unicorn-40214.exe	43
PID 1976 wrote to memory of 1636	1976	Unicorn-40214.exe	43

C:\Users\Admin\AppData\Local\Temp\b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b73a50fe77b8a4323046a8fa75f0f8a0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19143.exe
        10⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        12⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        13⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        14⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
        15⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        15⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        14⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        13⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        12⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        11⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        12⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        13⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46038.exe
        14⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        14⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        13⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        12⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        10⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        11⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        12⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23451.exe
        13⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        14⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 204
        14⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        13⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        12⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
        11⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        10⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63745.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        10⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        12⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39403.exe
        13⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12924.exe
        14⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
        14⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        13⤵
        
        PID:9456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
        12⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        11⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5494.exe
        10⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        11⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        12⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        13⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
        13⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        12⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        10⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        9⤵
        Program crash
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22738.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        11⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        12⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        13⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        14⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
        14⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        13⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        12⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        11⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20569.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24068.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
        12⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        13⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 220
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        9⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        11⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16134.exe
        12⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        13⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
        13⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        12⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 220
        11⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 220
        9⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
        8⤵
        Program crash
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        11⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
        12⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        13⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56614.exe
        14⤵
        
        PID:12080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 204
        14⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        13⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        12⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        11⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
        10⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        11⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47955.exe
        12⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33387.exe
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 204
        13⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        12⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        11⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60668.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53040.exe
        11⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40171.exe
        12⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        13⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        12⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
        10⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        9⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53455.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        11⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        12⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
        13⤵
        
        PID:11448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 236
        13⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        12⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        11⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24499.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        11⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15764.exe
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
        12⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 220
        11⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        9⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        8⤵
        Program crash
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        8⤵
        Program crash
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        11⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64421.exe
        12⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        13⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 204
        13⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 220
        12⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        10⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51426.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25158.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        12⤵
        
        PID:12612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        10⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24099.exe
        9⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
        10⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
        11⤵
        
        PID:8732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
        12⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 220
        12⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        11⤵
        
        PID:9804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        10⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        8⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        7⤵
        Program crash
        
        PID:2516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        6⤵
        Program crash
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31665.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49568.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4446.exe
        10⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53938.exe
        11⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        12⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        13⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 204
        13⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
        12⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        10⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
        9⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        9⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 220
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 236
        11⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        8⤵
        Program crash
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        11⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        12⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        12⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        11⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        10⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
        9⤵
        Program crash
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        8⤵
        Program crash
        
        PID:3704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        11⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        12⤵
        
        PID:11084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 236
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45142.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
        11⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        11⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 220
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 220
        8⤵
        Program crash
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
        11⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        12⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 204
        12⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
        11⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 236
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16646.exe
        9⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19559.exe
        10⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        11⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        11⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 220
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
        8⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        7⤵
        Program crash
        
        PID:2796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        6⤵
        Program crash
        
        PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1571.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        11⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29543.exe
        12⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        13⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        14⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 204
        14⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        13⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        12⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        11⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        10⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        11⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
        12⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        13⤵
        
        PID:13272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
        13⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 220
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        10⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64560.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        11⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        12⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
        13⤵
        
        PID:12236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        13⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        12⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        11⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        10⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        9⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        10⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        11⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        12⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        13⤵
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 204
        13⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 220
        12⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
        9⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        11⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        12⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 204
        12⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        11⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 220
        10⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        8⤵
        Program crash
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        9⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34042.exe
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        11⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
        12⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9365.exe
        13⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
        13⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
        12⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
        11⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
        12⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
        12⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 236
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 220
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
        10⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        11⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
        11⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 220
        8⤵
        Program crash
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
        7⤵
        Program crash
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46278.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11390.exe
        11⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        12⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        11⤵
        
        PID:9724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
        10⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        9⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60440.exe
        9⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9963.exe
        10⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 236
        11⤵
        
        PID:11316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        10⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        9⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
        7⤵
        Program crash
        
        PID:1308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        6⤵
        Program crash
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38328.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52713.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32859.exe
        11⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        12⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7211.exe
        13⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        13⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 220
        12⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        11⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        10⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        11⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 220
        11⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48645.exe
        10⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        11⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
        10⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        8⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        9⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        10⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        11⤵
        
        PID:8764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36957.exe
        12⤵
        
        PID:11512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8764 -s 216
        12⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        11⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        8⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        9⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        10⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
        10⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        9⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
        7⤵
        Program crash
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51135.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2661.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21001.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18007.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        10⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        11⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
        12⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 204
        12⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        11⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13350.exe
        11⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        11⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 220
        10⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        9⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
        9⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
        10⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 208
        11⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 220
        10⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
        7⤵
        Program crash
        
        PID:3716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        6⤵
        Program crash
        
        PID:2540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        5⤵
        Program crash
        
        PID:1696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        11⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        12⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51930.exe
        13⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        14⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
        14⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 220
        13⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        12⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        10⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        11⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53622.exe
        12⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        13⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        12⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        11⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48992.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        10⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46538.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31941.exe
        12⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
        13⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 204
        13⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        12⤵
        
        PID:10580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        9⤵
        Program crash
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29574.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        12⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56391.exe
        13⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        12⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        11⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        11⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 204
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        11⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        9⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        8⤵
        Program crash
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
        11⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        12⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 204
        13⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 220
        12⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        10⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 236
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45183.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        10⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59328.exe
        11⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        10⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        8⤵
        Program crash
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 220
        7⤵
        Program crash
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6553.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        11⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        12⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37860.exe
        13⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
        13⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 220
        12⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58515.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39486.exe
        11⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 204
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 220
        11⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43231.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        11⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
        11⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48141.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        11⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        11⤵
        
        PID:11808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        8⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        Program crash
        
        PID:2688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        6⤵
        Program crash
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65048.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
        11⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
        12⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        12⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46486.exe
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21733.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61489.exe
        11⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        12⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 204
        12⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        11⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 220
        10⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        9⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        8⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
        7⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62713.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        10⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        11⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        11⤵
        
        PID:11748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
        8⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        7⤵
        Program crash
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40269.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
        11⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        12⤵
        
        PID:12924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        10⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
        10⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2416.exe
        11⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 204
        11⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        10⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
        7⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
        10⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        11⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
        11⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        10⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        9⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        7⤵
        Program crash
        
        PID:4152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        6⤵
        Program crash
        
        PID:2840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        5⤵
        Program crash
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63138.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10912.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16123.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        10⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        11⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        12⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 204
        12⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        11⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        10⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        11⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 204
        11⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
        8⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        7⤵
        Program crash
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12277.exe
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        10⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
        11⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
        12⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 220
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 220
        10⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        9⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34321.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        9⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        11⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 220
        10⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 220
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 240
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54420.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        9⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21142.exe
        10⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17487.exe
        11⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 204
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        10⤵
        
        PID:10428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        9⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        8⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        Program crash
        
        PID:3392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        6⤵
        Program crash
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
        10⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        11⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
        11⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        9⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        7⤵
        Program crash
        
        PID:3752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        6⤵
        Program crash
        
        PID:3068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Program crash
        
        PID:2528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        7⤵
        Program crash
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54654.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64981.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
        11⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 240
        9⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63377.exe
        8⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe
        9⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5630.exe
        10⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
        10⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
        9⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2495.exe
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        11⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        11⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
        9⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
        9⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        10⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
        10⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        9⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 220
        8⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        7⤵
        Program crash
        
        PID:3396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        6⤵
        Program crash
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        6⤵
        Executes dropped EXE
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        7⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
        10⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        11⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
        11⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        10⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        8⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
        7⤵
        Program crash
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35888.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        7⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        9⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3030.exe
        10⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
        11⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 220
        11⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        10⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        9⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        7⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        8⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3689.exe
        9⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37284.exe
        10⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        10⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        9⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        8⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        7⤵
        
        PID:5632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        6⤵
        Program crash
        
        PID:2676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        5⤵
        Program crash
        
        PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52506.exe
        10⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
        11⤵
        
        PID:13304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        11⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 220
        10⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        9⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        8⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        7⤵
        Program crash
        
        PID:3800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 236
        5⤵
        Program crash
        
        PID:2944
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
      4⤵
      Program crash
      PID:980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
  2⤵
  - Program crash
  PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe

Filesize
184KB

MD5
ce163d5a29b24b5fc3a0399be07f3d9d

SHA1
90d168d5ef4b0055f69331af7881ec86a881cf8c

SHA256
5aa49a9fb4f639e008db4fefe91c324cd25cfe8fc2aa743638ddd51f66a5325c

SHA512
345ac6ae34fed160e1af9c41f7de63763a2a1793a2922f59e69be4cc7642e49278a70c4ec52b65d525867d4e216806a2069926f3ec273d6f21284e3a742b1214

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe

Filesize
184KB

MD5
6f3ab6c7c1696c93d60231099d406bf5

SHA1
d286b99bddc669232167538e6a98751400368e9b

SHA256
7fe6aa8bf0d137b307b8c647d9cecc9999d08b2559f5da93d5b07009e3821b36

SHA512
fd3e20b49fb6439b5fdfb05fa61f12719b8483ba5311567cd8defbb5aca5376c0aff6413c6a3a0d5079cf0484e3a04171425b87b4a918fbe879f7c3966557776

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe

Filesize
184KB

MD5
11f77ef2d2c70948602cc99cb664b822

SHA1
068f989de8b26d393251537e70696c890842009a

SHA256
d1ab3360b2e1e1eb587699d60f84005bfbbfaef5bc94cc1ccc202ddd4d8437a6

SHA512
8db3a9b44e4b9a305a69ef6df6f8928131bb042db874c1a5ec8936cb4a31616b749ac7c08de14b4e662e1edd992001be02adae55841e705a1136170aef018304

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41015.exe

Filesize
184KB

MD5
e555a45e18024ea215af275a70bae1e6

SHA1
f295f2f8c4b8d33687e0950b024d9ee9d04f48ec

SHA256
836d7f306f7cabf59078173fe3d00c1bd39b91c502d60842c96fdc5c271b2494

SHA512
615c5803e5ff11bd805e6e1efebc4d1f5ac6f7d904d45d064ca77ca87802783e07df3a60e6c18e0eaaf69d8f3e6f66ddb9d05c06fd94b934d77e15ba306ff87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5837.exe

Filesize
184KB

MD5
42bfd033a1bb6ec3982e5987277ff08f

SHA1
2b57960b2453a9f29952d41a8ce1a5a0b8404237

SHA256
774287cdd0022b3a0d2fbc261c51502a1bb6905f690aee602056057fbfcd6dc7

SHA512
c4607596340d93d06a360407990b9e620e7974f228ca1223f052b694dbc88a798bcaf4b53c766f78203e7fbe667a0e797e7cbe12ffec1c1aa49acfd9e133e302

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe

Filesize
184KB

MD5
17a9f4a53cec4b954b09925ef319de95

SHA1
8f07c47bbeb0dbc15b5ad02739d00bdc1c82a6b1

SHA256
cac32b188b20023014720093cdb7cc75521a693efe30dcb62da7e0de2529e306

SHA512
fa5c27abbc30e632f3f6991304fecd7f80e170ccd8d2be87f21ee450b4bdeb648550c0942d0fe9189f745822e2df89ac3653d4f775e2f8509932d9bdabb60c44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe

Filesize
184KB

MD5
2570209210023d27641bc073be3eef82

SHA1
bd19a2c9eeacf1946635d67b1bfe39042d95f409

SHA256
87732baca31e306f93e00da89e2489b8840074054b0cd1bf80cd265d85ac7501

SHA512
8af409cfb2c0c924ce58b2ba9bd67ebc1755bb5f5ea216c42ea15411cf1bf887a9aad9c7adf4b20d96363e561733493b6dbfd91e2f451a89eedd7ef8155e643f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe

Filesize
184KB

MD5
f54cfd2c179996dc5bb5e7deb8854a8f

SHA1
e787ff45dae6127fa34dcd3e0e6052a67983a57d

SHA256
79daccaa9f042d0f107936811e0b2d4b7bd935386063a15e76c44ba0ba4b1c6f

SHA512
a8df8254695c9589cc1712dcd03d978353312a84b657322c096aad9abd9ebbd6bf82a1cf0a96aec83c76aa08954c4122911f15ca2f059548ee44f1694edd5f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe

Filesize
184KB

MD5
a6be15dee3e8bf362c96cfe77dce24e1

SHA1
89b2ce9e6e4bf7f54191bd3cc0db2d5c6e26e3c9

SHA256
740d8bc3418ada540bafe692b2bd8d5def8fdf2447e8a8440ee1e85a476e3795

SHA512
c604c8eb7d67daacbf56d889f74f7047d6160cecfcc458b4815dcb6f305ccc9569798f07bfb0cb9c9521234addaa6116a023b2a45524d0d686d342c73579681d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe

Filesize
184KB

MD5
13dde321066d7858bf63dbb853fdcd04

SHA1
00d37603915795313156640bc2210c72f17e615c

SHA256
633e74df7f03ad221852753b7ef4c01c807d2fcbb80bc117a97c3998f5079d79

SHA512
09476fd8b88508046721128feb222bee39e2597b13f54a7052ce70798e924a5d2ca056ce0ff6664425d6cc7f55d760cf3e682e8419f28a48f52018b7e76e8eb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe

Filesize
184KB

MD5
a3afd8f1b6f911294caa2a9e37e84fec

SHA1
ebfa3831e6869c3b159752e1caf08767ca0d4a77

SHA256
bb546c49cdb71aeb033dd0eea039d652ffb881af79481745a6dc813f6b0d3db5

SHA512
e19dd5efcb23436f9c94303c9d6a67f2b92561b9f785f62c10517ee30a8ec397f5863bd2e6cdae416a8f333d92908849102b77ca1d89141c783b05b770cfb34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6828.exe

Filesize
184KB

MD5
72256fd1e5215ea68422a9d510c2ab9b

SHA1
0d3c7a583d219e21fd4f0b8e8ec785c5a146b050

SHA256
6878dbfebee28cbbfde6a07c42dade35de0c661e27e312eee266bc3fccf93a3c

SHA512
96ce0c4c311263ccb38917652c087ce9224760d9a9cde05678b4aa07044030328b6c2f2cf82970eaeca984dba2e6388e0a31eaffa77955384f80770a7671bb60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe

Filesize
184KB

MD5
91db53b12038f79f4bb9f583d48e4fcf

SHA1
e0f214f1887b796fe13d79be18ef4a6e84e4432c

SHA256
54e004ce34eff6031bd044a405ff6006dc93809c2fe1fddee2f8b602bad59be6

SHA512
b31805a7d541beac40500b9a1c58a9e95dbad0bb3ed9666a27b3d33e4e827fab7dfabf25864bf2ed0b8caedc7cd66e1a69286b70f235d86a9aaa212ce5383bdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe

Filesize
184KB

MD5
d57fb56626bdd82b7fc5f01be0c3005a

SHA1
2317cfa24bcd1fcf92758c05a4f409b2b78a58ea

SHA256
c59baf78929ee3ea4a67f6d04880d928941c331045df3d77ca8785a60c0f85dc

SHA512
c87318305c77218ac74e70076bd34556a9f10cc5b663a345b37f1799df6f51893445d1d42600c997cedb7adce4bc47e9c0ee16b2b2cf53fc42f049e3b63ffe07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe

Filesize
184KB

MD5
69c98110c3878abee66fe87a1749e1c4

SHA1
31df50630bb2c935b0a96e04d247dacf228f03ec

SHA256
c8b8cf36a1d2a34eaafb1c6384342f37e96625d34a337c6d44acad2d95909667

SHA512
7069b18af2e77fcbf13094aa9b8b3bedd73d181728ece626566db49691f3c9dc881ce177059dcbb562736b052b61644cb999c241e2876ddca6377d0a0ccc40ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2266.exe

Filesize
184KB

MD5
59922154eda096ed669f868cf4056a72

SHA1
b794534c934cb6de8ce0513b52a452a324262118

SHA256
d3b8024a57969ab145be7a3944170fa87979d31bc0e53ee6ccf69762ace1d66a

SHA512
afc9de0f565e8c65d013478ced4eff7f8a65bd12dda85b3c81debfdca11e5cbbc4a134341ca16e4fd133016d88b053b72fa896ef8b68fcae41a64c1993011d61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe

Filesize
184KB

MD5
49a2077d899b28a3349681e688de30ac

SHA1
4a697ef1ea781988dc6ed0042925a469db4a55d8

SHA256
1d1bea38d0a6af4e1668853ae9da0927803b67ee42a064ecfed94f0df0e6a7ce

SHA512
247fdaaff8300a07c5a4ce44349caaf007a9be810317b5e50842c4dbeb9866a8ee334ba8b84984366b633f4394d0f5b74bc65a7a748aae6f82131ce58e7eeda4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29751.exe

Filesize
184KB

MD5
1499d8f699adbe1e8cf7c847057ab1e0

SHA1
1e120615dfcd8a58af748cee41f72197f0cbd67f

SHA256
3a40e9e407e8f2e5a4ea35b1fe951e055f3ec7c6a64f3de34feb0f477e96d3cf

SHA512
5ae9a6bf32dccbd1ea83672808beea5296dc2797c877d4f1d5e147a4c40071ba3ef0fb6fe3742a4723ffd05f177596ed971ad6c16154da15cdadeea7c150a92f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32600.exe

Filesize
184KB

MD5
b2755f354a1942c42b7ce8bdaf8628f8

SHA1
41d5d31453c1655a5804d5c605bc96b2d9a8f412

SHA256
588f6558bacea4885a51ad1125a23410a9e44f1eb0e8374cda9b29e3a13b483d

SHA512
7835c504d456479839a999eb9d07ead8a5042201462a838bce415137a46023e94878c40692d1225b34110711924e19405c80907414b29b2bb79043a73f5ca4f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe

Filesize
184KB

MD5
053416f1e7b65a9b8fc5f217b288ccda

SHA1
fdb3d6ebc59a2d77f58d4f3ad36e54a447c53f6b

SHA256
f254084eb261be2989ec329f6ffe62b58cd72c6ce5c9b904b692e66147849122

SHA512
2fc1b2f2a6ff99e72783a0d1bff1640eb72bc1fdb60b67f15d251baf4652eb58ae03020173c508d9a73a597789d950f5754d36e7ab0bcf856b1d861f9e3e1e2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe

Filesize
184KB

MD5
d1074e7534828a75ef2c3d85ecfcb101

SHA1
063303b2c5e75bce7dbbb734b95f5c334ce52126

SHA256
5f7a59d37f44d805ffdce48fdfa413c7eeb738fed3a74733ded0a337ca6e57da

SHA512
94bfece595615136364dca999837ddc2ed9d1a75269307de7f4d4dea6e54380e4f26f48258ce8e01f29c0903d53c4f5f1be6200448ca07bea5bfce5a4a72ffa5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-416.exe

Filesize
184KB

MD5
49575d2a8a5bae617a8d4195de753d73

SHA1
72a5355c89182ec7c71b62f5b794310483947d06

SHA256
f6562304c16d3349ab05dcb3563aa0dff21747f7b590ca058907963f33d8bf4b

SHA512
3d98c22bf6a71702f2a9f06638ab67ee26f2d82597bc466889bdfff0e4f958e9a35c280c78d2f8956e2e9ea451415f6399000b144e1611eb9bf3050610cb16d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe

Filesize
184KB

MD5
9494a1bcb6a400df5366462bca2d8565

SHA1
631ea4c1efac47348921f7f074541d37d5d7dd49

SHA256
46b98039caf70210c89f91461eef8b2909c43d6e78377ebde34c38d18a102b19

SHA512
f6003071a83477f277b2eeb24d0a05216402071a3610c9be7e2571ccb1699609111392180f6af725b5a6de1f5ce42f7cda1c071a9a4cf56a46e5a57c6f31566d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe

Filesize
184KB

MD5
6dde17189cea669d224ffe799573ca65

SHA1
fd12dc17de9fc6bbc16a9fb7451cdf6cd6a204d3

SHA256
2d54813e3ccbea7631bd67ba35e1197f617c386cca7083205d40a063466a5895

SHA512
474b3caf62956163e0b115f10f55eb7dfb02d2970ccd711b7c3994aabbcdfde9e7f922fa622ac78468199e6e74ee07833d8bbb7d29ca4f1aacb50af99202bf6e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads