3e7be730d18ec4c2ec99c5735fa5f6be3ed85dd6a911f6f50aab62cdf1bcc7e5

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
Size

184KB
MD5

83a9860388e899fbf53641a36f189440
SHA1

b14f21306145214c9fa97654a8a95f19d2aceefa
SHA256

3e7be730d18ec4c2ec99c5735fa5f6be3ed85dd6a911f6f50aab62cdf1bcc7e5
SHA512

750950c601ec4363c6ebf3748e2a07f2a3b82ebf944eb15f7b621142612c56cf3e78db88735498ada06fdbdc5eee913460a8bd4f84425ba9b4e31651de40eb9a
SSDEEP

3072:BBU8hTolcj8DuMHie/ZLpxLjIKwx5p4c+P3W5qbUDwhlnVOF5:BBBol6MHvLPLjIczbbhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2208	Unicorn-52094.exe
2536	Unicorn-20059.exe
2772	Unicorn-39925.exe
2456	Unicorn-49245.exe
2488	Unicorn-60106.exe
2728	Unicorn-14434.exe
1296	Unicorn-24788.exe
2088	Unicorn-4922.exe
1608	Unicorn-2037.exe
932	Unicorn-2037.exe
1476	Unicorn-12898.exe
1580	Unicorn-12618.exe
1764	Unicorn-14050.exe
2276	Unicorn-28763.exe
1104	Unicorn-54336.exe
2284	Unicorn-11912.exe
268	Unicorn-14372.exe
1020	Unicorn-60044.exe
2008	Unicorn-21747.exe
1756	Unicorn-40775.exe
3068	Unicorn-60641.exe
1792	Unicorn-7356.exe
1144	Unicorn-18217.exe
956	Unicorn-18217.exe
1732	Unicorn-22301.exe
1180	Unicorn-42167.exe
704	Unicorn-54611.exe
2100	Unicorn-58695.exe
2904	Unicorn-32053.exe
2908	Unicorn-12187.exe
1584	Unicorn-48472.exe
1964	Unicorn-32690.exe
1968	Unicorn-36774.exe
1420	Unicorn-25914.exe
1840	Unicorn-56640.exe
2568	Unicorn-60724.exe
2452	Unicorn-44943.exe
1196	Unicorn-54694.exe
936	Unicorn-23968.exe
2700	Unicorn-28052.exe
2176	Unicorn-1409.exe
1632	Unicorn-12270.exe
320	Unicorn-10153.exe
1280	Unicorn-40880.exe
2688	Unicorn-59909.exe
2800	Unicorn-14237.exe
1512	Unicorn-25098.exe
2968	Unicorn-25098.exe
1776	Unicorn-44964.exe
1664	Unicorn-30849.exe
1548	Unicorn-17528.exe
1796	Unicorn-63199.exe
1832	Unicorn-21612.exe
960	Unicorn-5830.exe
2144	Unicorn-27319.exe
2932	Unicorn-51269.exe
1752	Unicorn-37756.exe
2368	Unicorn-20351.exe
2212	Unicorn-41840.exe
2580	Unicorn-64953.exe
2776	Unicorn-43463.exe
2640	Unicorn-64953.exe
2092	Unicorn-1876.exe
2732	Unicorn-38310.exe

Loads dropped DLL 64 IoCs

pid	Process
2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
2208	Unicorn-52094.exe
2208	Unicorn-52094.exe
2536	Unicorn-20059.exe
2536	Unicorn-20059.exe
2772	Unicorn-39925.exe
2772	Unicorn-39925.exe
2208	Unicorn-52094.exe
2208	Unicorn-52094.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2504	WerFault.exe
2456	Unicorn-49245.exe
2536	Unicorn-20059.exe
2456	Unicorn-49245.exe
2536	Unicorn-20059.exe
2728	Unicorn-14434.exe
2488	Unicorn-60106.exe
2728	Unicorn-14434.exe
2488	Unicorn-60106.exe
2772	Unicorn-39925.exe
2772	Unicorn-39925.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2680	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2680	WerFault.exe
1296	Unicorn-24788.exe
1296	Unicorn-24788.exe
2456	Unicorn-49245.exe
2456	Unicorn-49245.exe
2088	Unicorn-4922.exe
2088	Unicorn-4922.exe
932	Unicorn-2037.exe
932	Unicorn-2037.exe
2488	Unicorn-60106.exe
2488	Unicorn-60106.exe
1608	Unicorn-2037.exe
1608	Unicorn-2037.exe
2728	Unicorn-14434.exe
2728	Unicorn-14434.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
592	WerFault.exe
1460	WerFault.exe
1460	WerFault.exe
1460	WerFault.exe
1460	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2656	2364	WerFault.exe	27
2504	2208	WerFault.exe	28
2680	2536	WerFault.exe	29
2540	2772	WerFault.exe	30
592	2456	WerFault.exe	32
1460	2728	WerFault.exe	33
1060	2488	WerFault.exe	34
2036	1296	WerFault.exe	36
1976	2088	WerFault.exe	37
2200	932	WerFault.exe	39
2392	1476	WerFault.exe	40
2416	1964	WerFault.exe	69
2720	1608	WerFault.exe	38
2104	1764	WerFault.exe	44
540	2276	WerFault.exe	45
1236	1104	WerFault.exe	46
684	2284	WerFault.exe	47
584	268	WerFault.exe	48
2744	1020	WerFault.exe	49
876	2008	WerFault.exe	53
2928	1756	WerFault.exe	54
2432	3068	WerFault.exe	55
1116	1792	WerFault.exe	56
2376	1732	WerFault.exe	59
1748	1144	WerFault.exe	57
2880	956	WerFault.exe	58
892	1180	WerFault.exe	60
1660	2908	WerFault.exe	63
1568	704	WerFault.exe	61
2972	2100	WerFault.exe	62
2920	1420	WerFault.exe	72
2608	2700	WerFault.exe	80
2032	1584	WerFault.exe	67
2472	1968	WerFault.exe	71
412	2452	WerFault.exe	77
2604	1632	WerFault.exe	82
772	2568	WerFault.exe	75
3120	1196	WerFault.exe	78
3196	1280	WerFault.exe	84
3204	2800	WerFault.exe	86
3264	2176	WerFault.exe	81
3272	936	WerFault.exe	79
3280	320	WerFault.exe	83
3352	1512	WerFault.exe	88
3360	2688	WerFault.exe	85
3376	1776	WerFault.exe	89
3384	2968	WerFault.exe	87
3684	1580	WerFault.exe	43
4004	1664	WerFault.exe	96
4032	1832	WerFault.exe	99
3164	2792	WerFault.exe	118
3160	1468	WerFault.exe	120
3328	2188	WerFault.exe	115
3408	960	WerFault.exe	100
3344	2660	WerFault.exe	111
3472	2932	WerFault.exe	102
3648	2212	WerFault.exe	105
3740	2368	WerFault.exe	104
3828	1796	WerFault.exe	98
3260	1220	WerFault.exe	113
4292	3012	WerFault.exe	132
4304	2144	WerFault.exe	101
4676	2232	WerFault.exe	139
4880	1128	WerFault.exe	142

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
2208	Unicorn-52094.exe
2536	Unicorn-20059.exe
2772	Unicorn-39925.exe
2456	Unicorn-49245.exe
2728	Unicorn-14434.exe
2488	Unicorn-60106.exe
1296	Unicorn-24788.exe
2088	Unicorn-4922.exe
932	Unicorn-2037.exe
1608	Unicorn-2037.exe
1476	Unicorn-12898.exe
1580	Unicorn-12618.exe
1764	Unicorn-14050.exe
2276	Unicorn-28763.exe
1104	Unicorn-54336.exe
2284	Unicorn-11912.exe
268	Unicorn-14372.exe
1020	Unicorn-60044.exe
2008	Unicorn-21747.exe
1756	Unicorn-40775.exe
3068	Unicorn-60641.exe
1792	Unicorn-7356.exe
1144	Unicorn-18217.exe
956	Unicorn-18217.exe
1732	Unicorn-22301.exe
1180	Unicorn-42167.exe
704	Unicorn-54611.exe
2100	Unicorn-58695.exe
2904	Unicorn-32053.exe
2908	Unicorn-12187.exe
1584	Unicorn-48472.exe
1964	Unicorn-32690.exe
1420	Unicorn-25914.exe
1968	Unicorn-36774.exe
2568	Unicorn-60724.exe
1840	Unicorn-56640.exe
2452	Unicorn-44943.exe
1196	Unicorn-54694.exe
936	Unicorn-23968.exe
2700	Unicorn-28052.exe
2176	Unicorn-1409.exe
1632	Unicorn-12270.exe
1280	Unicorn-40880.exe
320	Unicorn-10153.exe
2800	Unicorn-14237.exe
2688	Unicorn-59909.exe
1512	Unicorn-25098.exe
2968	Unicorn-25098.exe
1776	Unicorn-44964.exe
1664	Unicorn-30849.exe
1796	Unicorn-63199.exe
1548	Unicorn-17528.exe
1832	Unicorn-21612.exe
960	Unicorn-5830.exe
2144	Unicorn-27319.exe
2932	Unicorn-51269.exe
2368	Unicorn-20351.exe
1752	Unicorn-37756.exe
2212	Unicorn-41840.exe
2580	Unicorn-64953.exe
2776	Unicorn-43463.exe
2640	Unicorn-64953.exe
2732	Unicorn-38310.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2208	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	28
PID 2364 wrote to memory of 2208	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	28
PID 2364 wrote to memory of 2208	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	28
PID 2364 wrote to memory of 2208	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	28
PID 2364 wrote to memory of 2536	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 2536	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 2536	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	29
PID 2364 wrote to memory of 2536	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	29
PID 2208 wrote to memory of 2772	2208	Unicorn-52094.exe	30
PID 2208 wrote to memory of 2772	2208	Unicorn-52094.exe	30
PID 2208 wrote to memory of 2772	2208	Unicorn-52094.exe	30
PID 2208 wrote to memory of 2772	2208	Unicorn-52094.exe	30
PID 2364 wrote to memory of 2656	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	31
PID 2364 wrote to memory of 2656	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	31
PID 2364 wrote to memory of 2656	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	31
PID 2364 wrote to memory of 2656	2364	83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe	31
PID 2536 wrote to memory of 2456	2536	Unicorn-20059.exe	32
PID 2536 wrote to memory of 2456	2536	Unicorn-20059.exe	32
PID 2536 wrote to memory of 2456	2536	Unicorn-20059.exe	32
PID 2536 wrote to memory of 2456	2536	Unicorn-20059.exe	32
PID 2772 wrote to memory of 2728	2772	Unicorn-39925.exe	33
PID 2772 wrote to memory of 2728	2772	Unicorn-39925.exe	33
PID 2772 wrote to memory of 2728	2772	Unicorn-39925.exe	33
PID 2772 wrote to memory of 2728	2772	Unicorn-39925.exe	33
PID 2208 wrote to memory of 2488	2208	Unicorn-52094.exe	34
PID 2208 wrote to memory of 2488	2208	Unicorn-52094.exe	34
PID 2208 wrote to memory of 2488	2208	Unicorn-52094.exe	34
PID 2208 wrote to memory of 2488	2208	Unicorn-52094.exe	34
PID 2208 wrote to memory of 2504	2208	Unicorn-52094.exe	35
PID 2208 wrote to memory of 2504	2208	Unicorn-52094.exe	35
PID 2208 wrote to memory of 2504	2208	Unicorn-52094.exe	35
PID 2208 wrote to memory of 2504	2208	Unicorn-52094.exe	35
PID 2456 wrote to memory of 1296	2456	Unicorn-49245.exe	36
PID 2456 wrote to memory of 1296	2456	Unicorn-49245.exe	36
PID 2456 wrote to memory of 1296	2456	Unicorn-49245.exe	36
PID 2456 wrote to memory of 1296	2456	Unicorn-49245.exe	36
PID 2536 wrote to memory of 2088	2536	Unicorn-20059.exe	37
PID 2536 wrote to memory of 2088	2536	Unicorn-20059.exe	37
PID 2536 wrote to memory of 2088	2536	Unicorn-20059.exe	37
PID 2536 wrote to memory of 2088	2536	Unicorn-20059.exe	37
PID 2728 wrote to memory of 1608	2728	Unicorn-14434.exe	38
PID 2728 wrote to memory of 1608	2728	Unicorn-14434.exe	38
PID 2728 wrote to memory of 1608	2728	Unicorn-14434.exe	38
PID 2728 wrote to memory of 1608	2728	Unicorn-14434.exe	38
PID 2488 wrote to memory of 932	2488	Unicorn-60106.exe	39
PID 2488 wrote to memory of 932	2488	Unicorn-60106.exe	39
PID 2488 wrote to memory of 932	2488	Unicorn-60106.exe	39
PID 2488 wrote to memory of 932	2488	Unicorn-60106.exe	39
PID 2772 wrote to memory of 1476	2772	Unicorn-39925.exe	40
PID 2772 wrote to memory of 1476	2772	Unicorn-39925.exe	40
PID 2772 wrote to memory of 1476	2772	Unicorn-39925.exe	40
PID 2772 wrote to memory of 1476	2772	Unicorn-39925.exe	40
PID 2536 wrote to memory of 2680	2536	Unicorn-20059.exe	41
PID 2536 wrote to memory of 2680	2536	Unicorn-20059.exe	41
PID 2536 wrote to memory of 2680	2536	Unicorn-20059.exe	41
PID 2536 wrote to memory of 2680	2536	Unicorn-20059.exe	41
PID 2772 wrote to memory of 2540	2772	Unicorn-39925.exe	42
PID 2772 wrote to memory of 2540	2772	Unicorn-39925.exe	42
PID 2772 wrote to memory of 2540	2772	Unicorn-39925.exe	42
PID 2772 wrote to memory of 2540	2772	Unicorn-39925.exe	42
PID 1296 wrote to memory of 1580	1296	Unicorn-24788.exe	43
PID 1296 wrote to memory of 1580	1296	Unicorn-24788.exe	43
PID 1296 wrote to memory of 1580	1296	Unicorn-24788.exe	43
PID 1296 wrote to memory of 1580	1296	Unicorn-24788.exe	43

C:\Users\Admin\AppData\Local\Temp\83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\83a9860388e899fbf53641a36f189440_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14237.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1876.exe
        9⤵
        Executes dropped EXE
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
        12⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34238.exe
        13⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
        14⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        15⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10504 -s 216
        15⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 220
        14⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        13⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        12⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        11⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
        12⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47139.exe
        13⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        14⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
        14⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 220
        13⤵
        
        PID:11580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        11⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        10⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
        11⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19843.exe
        12⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        13⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        14⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 204
        13⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        12⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        11⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 220
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        12⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48478.exe
        13⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
        14⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        13⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        11⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        10⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        9⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        8⤵
        Program crash
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        12⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49381.exe
        13⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        13⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        10⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23064.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        11⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
        12⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
        13⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        12⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        10⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        9⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 240
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        9⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        8⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        7⤵
        Program crash
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48192.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        11⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        12⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        13⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
        12⤵
        
        PID:11024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        10⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 220
        11⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        10⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
        8⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
        8⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26013.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        10⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        11⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        11⤵
        
        PID:12964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 236
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        8⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
        7⤵
        Program crash
        
        PID:1660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        6⤵
        Program crash
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        9⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        10⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        12⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
        13⤵
        
        PID:11312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        13⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        12⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10714.exe
        11⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19423.exe
        12⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        13⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
        12⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        11⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        12⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
        9⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        8⤵
        Program crash
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33349.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        11⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        12⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
        12⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        8⤵
        Program crash
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        11⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63771.exe
        12⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        13⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        10⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
        11⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42721.exe
        12⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
        11⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 220
        8⤵
        Program crash
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49718.exe
        10⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        11⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        12⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        11⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        8⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        7⤵
        Program crash
        
        PID:3352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        6⤵
        Program crash
        
        PID:2744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40984.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        10⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1155.exe
        11⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43626.exe
        12⤵
        
        PID:11900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        13⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
        12⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        11⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        9⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14445.exe
        9⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        10⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        11⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
        11⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        10⤵
        
        PID:9472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        7⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
        11⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56213.exe
        12⤵
        
        PID:12740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 216
        12⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 220
        11⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        10⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        8⤵
        Program crash
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29116.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
        9⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        10⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        11⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25212.exe
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        11⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        10⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        10⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        11⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 216
        11⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        10⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        9⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        8⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        8⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
        10⤵
        
        PID:10432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
        11⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        10⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        9⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        8⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        7⤵
        Program crash
        
        PID:3408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        6⤵
        Program crash
        
        PID:2880
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
        5⤵
        Program crash
        
        PID:2392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31249.exe
        11⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        12⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
        13⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        12⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        11⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41254.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        11⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        12⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        12⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        9⤵
        
        PID:1364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        8⤵
        Program crash
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20905.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20097.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        11⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        13⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
        11⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45815.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        10⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        11⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3115.exe
        12⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        11⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        10⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 220
        8⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
        7⤵
        Program crash
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42878.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3423.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        12⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
        13⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        12⤵
        
        PID:11852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        11⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10169.exe
        9⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        10⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
        11⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
        10⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        8⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16044.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
        10⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        11⤵
        
        PID:11484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        12⤵
        
        PID:2584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        11⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        10⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        9⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
        7⤵
        Program crash
        
        PID:2604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        6⤵
        Program crash
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
        11⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46532.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
        12⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
        11⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        11⤵
        
        PID:10748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        12⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 220
        11⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 220
        10⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 220
        8⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        9⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 220
        10⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        8⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        7⤵
        Program crash
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55130.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        10⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
        11⤵
        
        PID:11600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
        7⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61015.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        9⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        10⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        10⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        9⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        8⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        7⤵
        
        PID:5448
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        6⤵
        Program crash
        
        PID:2376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
        5⤵
        Program crash
        
        PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11912.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
        10⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        11⤵
        
        PID:10768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        12⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 220
        11⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        10⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 220
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        7⤵
        Program crash
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        10⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        11⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 236
        11⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        8⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        9⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        10⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 220
        10⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        9⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 220
        7⤵
        
        PID:4440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
        6⤵
        Program crash
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        6⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64393.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        9⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
        10⤵
        
        PID:9288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
        11⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
        10⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        7⤵
        Program crash
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35041.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        7⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54383.exe
        8⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        9⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
        10⤵
        
        PID:12304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 216
        10⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        9⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        8⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        7⤵
        
        PID:5260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 220
        6⤵
        Program crash
        
        PID:3360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        5⤵
        Program crash
        
        PID:684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36983.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52427.exe
        12⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        13⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
        13⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
        12⤵
        
        PID:11048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        10⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        10⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17617.exe
        11⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51470.exe
        12⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
        12⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        11⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        8⤵
        Program crash
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
        9⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        11⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20497.exe
        12⤵
        
        PID:10568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        13⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
        13⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        12⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
        10⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        10⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        11⤵
        
        PID:10480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
        12⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        11⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        9⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        10⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
        11⤵
        
        PID:10592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16463.exe
        12⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 236
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        10⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        8⤵
        Program crash
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        7⤵
        Program crash
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 188
        7⤵
        Program crash
        
        PID:2416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        6⤵
        Program crash
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        9⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        11⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        12⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
        13⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
        11⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        12⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        11⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        9⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        8⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25307.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        11⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        12⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 220
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 220
        10⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        9⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        8⤵
        Program crash
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19651.exe
        10⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
        11⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2452.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40740.exe
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
        10⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        10⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        9⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        8⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        7⤵
        
        PID:4716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        6⤵
        Program crash
        
        PID:2928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        5⤵
        Program crash
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2406.exe
        12⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
        13⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
        13⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 220
        12⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        11⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        10⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        9⤵
        Program crash
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52141.exe
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        10⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-185.exe
        11⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        12⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9760 -s 216
        12⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
        11⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        10⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        8⤵
        Program crash
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49427.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
        10⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        11⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        12⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        12⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        10⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23081.exe
        9⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        10⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57308.exe
        11⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
        11⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 236
        10⤵
        
        PID:10920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        7⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5130.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        11⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39488.exe
        12⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        9⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 212
        10⤵
        
        PID:10528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        9⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10491.exe
        10⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        11⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 220
        10⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        9⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        8⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        7⤵
        Program crash
        
        PID:3828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
        6⤵
        Program crash
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
        8⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32749.exe
        11⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        12⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
        12⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        10⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        9⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
        8⤵
        Program crash
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        9⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        10⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        11⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        10⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        9⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        8⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        7⤵
        Program crash
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41071.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        9⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        10⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        11⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        10⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        9⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64564.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17326.exe
        8⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        9⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
        10⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        10⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        9⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        8⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        7⤵
        
        PID:5596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        6⤵
        Program crash
        
        PID:2472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        5⤵
        Program crash
        
        PID:2104
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40024.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59541.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        11⤵
        
        PID:9124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
        12⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
        12⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30948.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        10⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        11⤵
        
        PID:12628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        11⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        10⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        9⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        8⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        7⤵
        Program crash
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64829.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44824.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        11⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
        11⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        10⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3407.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
        9⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
        10⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        10⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        9⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        7⤵
        
        PID:4556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        6⤵
        Program crash
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56661.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43112.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4181.exe
        11⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        11⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        10⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45634.exe
        9⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        10⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        11⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        10⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        9⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        8⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        7⤵
        
        PID:4464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        6⤵
        Program crash
        
        PID:412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        5⤵
        Program crash
        
        PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
        6⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
        10⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30471.exe
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 220
        11⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        8⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        7⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12821.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        10⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        9⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        8⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        7⤵
        Program crash
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63438.exe
        6⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42110.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
        9⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30632.exe
        10⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53987.exe
        11⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        10⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        9⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        8⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        7⤵
        
        PID:4500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        6⤵
        Program crash
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
        5⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        7⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        8⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18883.exe
        9⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31758.exe
        10⤵
        
        PID:12036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        11⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
        10⤵
        
        PID:12592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        9⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        8⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        6⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
        7⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7398.exe
        8⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        9⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
        9⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        8⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        7⤵
        
        PID:7388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        6⤵
        
        PID:5476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        5⤵
        Program crash
        
        PID:1748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
      4⤵
      Program crash
      PID:1976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2680
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
  2⤵
  - Program crash
  PID:2656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe

Filesize
184KB

MD5
e43432b9549f0a5a77f4e8ef39ff7d99

SHA1
202a7d7e45d171df527f3b76c20da61ce296a268

SHA256
e1f688cf98a3ff39c09fb39d08d4aa8228955753d9166ee93aa954f236bee740

SHA512
9bd6cf36b0f2f38140132d64e65b8d6282788a9f36bfe8d094ebae3881a1997de98c95d717c15d36f3e11eaf14d73bf3b470ae97248b9d3aa05211c6314c14f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe

Filesize
184KB

MD5
172e89caf3b846504f5b9d656269111e

SHA1
8e184719bf6302dfff5290c211a97644f5ed2889

SHA256
eb76b08c083fb17f63298206bd0d66eae15a58c398879ad49832f441df4b9e0a

SHA512
92fe3796311f443440f9824e6984f711a98f1183f1021470d6d30ae1f17dc14797c71592e8364e233e55e536fda25e808022c618f7b1003c1aa6a30649ede93f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe

Filesize
184KB

MD5
46c0a46a7956dfde033db53fade5c9e4

SHA1
4c690e6ea00a01ff4df3cedb1889694cd3b96b37

SHA256
dc410a73d3ad6eab29110f253b2726ba024cd8a2648f978b791051ef76d20fdc

SHA512
ec4269f2f1c7d3df86faf196a1b2be1202d457f7377920200166167da9093e016af9a6f61611315934206cc549a411745c6d427be8122786f975e59fd0e2fb26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe

Filesize
184KB

MD5
00e58344beb4272aa2d68a5a59b5d61b

SHA1
04652d82228f80eb0e2dcaff0694126c1fca7602

SHA256
85e32c7420622bfa38e91656a60ac98c67cd59a1c750cd4ca7279b20b70d4744

SHA512
a0b2b674936b8a7fb64a1d4250765a04c5b6d6e9e689cab687a0910fdc745cc76c2c48216415e5f34b08d1e73c580176d8fe18040fc15c9652034caf661c2538

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe

Filesize
184KB

MD5
a47ada9c1bf3130627427e5df9bde019

SHA1
f206b8b06f6b0a15266b006cdd5f815a23a035f3

SHA256
54a1511d0561318dc47c5779d4f1ae1c61c2e45acb0e95eef768e7a07483f52d

SHA512
acbb08eeae9be330106dfeac7d606bc72b18afe8646078c2f194eb65a0da42ac503909a9418d90f3980e5608b19fca8e3511d02fbf293bf43097a0f25ea7ae7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe

Filesize
184KB

MD5
007765af797d8e8f2e796c8da7033936

SHA1
dfc073632c55ae3cad7fe48fe483154e5ac4b492

SHA256
3aa5133b2079b02aca9afd5f15f55f73badf3ab3020320e9e4811cb06bc04aaa

SHA512
6e53f86c002ea84a6b3218f109ee639d9c124780090669060f9d453fdee1a774af7b281184e5cf976bb314b124efb2e25c157823d08428bccb8bec2e290156db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40879.exe

Filesize
184KB

MD5
94f2bc54210b2a9daa94581dcb5435fe

SHA1
4e1852b66e27fd9855a3b9629afb8b77c19c671f

SHA256
9e712672366dfef751bb4c8f3f0fe71cd3a28cc3783e40690348acb3e6f0ba22

SHA512
aca326ae09cc2c2433f4f3a0c563b82b251cd7848238e2490c5a8e48dca146dab02cd70307ba879bd76850fa62efbf975f57b0ad57b1fb166dbf1ad0ca253d7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4922.exe

Filesize
184KB

MD5
0d4141c0d53d4fdd1b929f626c0c6d04

SHA1
afc9354e32600b6e6ece9055c7ee9855cbf8007f

SHA256
79ed08fa9748f727d94349ab67ba44db03643722a2887ad370060b259a45d6a9

SHA512
d77a658bd9eb6b518af65c31cf6512a3f8c2452db62e93bebab3329c10642efa668549daf996bb4d60ced7888af806cfa74eaef2404f5c74e3cacb9032733a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe

Filesize
184KB

MD5
87a32ae6ae6b4cccfa6a7ed658155de5

SHA1
c7a9396f560ebe26acdc65f06d0aab78fa2eb5fd

SHA256
9ea89f7e893ad7deffb2e089a122b5abe613fb6c4dcb4a0bef3f41098e756435

SHA512
aa81bf89bf15d00607f64070b4a20103e00399d4ff5ec32babc36d639fda18d211ca22bc833253d718873e58696135ca5020b8052229663c057e99d6eb26cd31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12618.exe

Filesize
184KB

MD5
a2fafdc280a08c0dc37625e305d8ae2a

SHA1
8be912658bf2f91b624269637c22e8e9f3ba6756

SHA256
e268c93d9990c5f7fcb97f7dc395175bee7d24b884fce166ca124e88899eccb2

SHA512
904423ec8df5a8c58f64b8f07f8d487d38f216a4fb0ff706ba25241a93e109ed8d842075e2bc1748ad3cff19e2f99069339a375308fc04bdf7aa248fbbcfab82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe

Filesize
184KB

MD5
25bc14329978acf4e4c082e882304624

SHA1
3448955e7a5e5e17ee8f9ea9503ea1e5d7bcf5ad

SHA256
34635b5a9536f8bce1399a2b155684cac38b4e9157cd8221a27b3386abb5edb0

SHA512
a9637a911a360fbaff52b2ba8da497399cf15848c7c37ab44c0650f3100e1de502b20e19ec981cf6b942ec1e57ab53620b54009ea4b3f00b34bb29e46bf06665

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe

Filesize
184KB

MD5
61fc3db1795df5e5a87777ebe89d7ea4

SHA1
03d72fd24a2b6d3558536841ef5110987fd85ffb

SHA256
798f9badef53bfd6d60f76ecd9b9c40dd01abece11db1b4fb6d5fc06d9b03011

SHA512
a7eebac32684328435dc38039c6beff8b37dac6ac8476e734c84bbab766c458ab8a3c82a831bf16efcec74da04363267c1e0b2f9e3c0073afebade4cbceef42c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe

Filesize
184KB

MD5
bdf319b1709a85b8605709a22900102e

SHA1
1c9d13dec0212596d03b78629515dbbe33ef19eb

SHA256
2c3fd75a0f07e821bf6076e0e93714521d7d1f6809fc5b1a58edb568b9f8ca92

SHA512
b44b0d6254d048be9451cef118ca4308160bd543a9a295a04c01b09ccc017312c99ba9745d6b7d3e67363ff6d9e2ae708097266038bfff00e5965a64aaeee3fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28763.exe

Filesize
184KB

MD5
99b79a52cd07633f550028ce0d26db3a

SHA1
658e1f19a7e06594fe4e33a3b4a633747f0f16f6

SHA256
b4eb10eb33715901915e7bc3274e4947e42d150b490836d3a0da97701b839c3a

SHA512
b322e1c97cf82f689ef7c9fca831d61e043be766b09c2206bed45a1ef5723ce59c35bad45695f119500cd8fb47c2f774e530f75f0497be77a1ffb5b4a8da02ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe

Filesize
184KB

MD5
38c84a846c68cb765d9c356bedac1e67

SHA1
8cb2fde163250cb7a438c340189133a7cb916cb9

SHA256
45f705d5b1cb08242cb6699fa4e8bea4dd42da6a5b9fc129ed13d44ffcc1f35c

SHA512
4935e627fca5eae9ce7fa895f22f1a8c6bab52eab6e19687601f8e5e18287a0ab2362929a112ff6d2a866e30db09e29c1a8eae01b02bd5ca6a3ac77eacb1271a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe

Filesize
184KB

MD5
668faa45410ad9bbf3fd4feaf2d08123

SHA1
50bdf9c5e43c271914d846f779317375a405ab9f

SHA256
cd8a18132892edc9ab64a08ce3983df79ec0e4b93b6813347f1d86b5816e579d

SHA512
acbfb0c4e45a1b8ba5f573bdcd12c4287b5d996d668cc4fac35fee754cda7c520e09369bad9739bcc15d98ad0ec423baba1b4cd518e46a0e0b2cc91599fc6f1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe

Filesize
184KB

MD5
8cabde733d6903939e5740a6704a4ea0

SHA1
6d22c686a8bce17f1f2126da11788924719ac00c

SHA256
8aa3bd74eb9b40916b15009e46251e28763ff9314009a4af57f399fd991bb1e1

SHA512
10cd421027b37096ad745e656aedffc6bd11c18d7d884c96087a428d8c3f5b2ca0aa45b4ae64b644b71b06384864e005f09bb202cd345666c36eb5bc169ebbe8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads