f48bf153964306b158809dc2ed82a9502f192e4931e551ea4ccddf0a447c3f0d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
04/06/2024, 01:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
Size

184KB
MD5

1f8b3a25ad390fed053f5ff32bcf0230
SHA1

f371ace3f9dfdaad6eb373171bc81098a06cdf16
SHA256

f48bf153964306b158809dc2ed82a9502f192e4931e551ea4ccddf0a447c3f0d
SHA512

793c472a6e4b2a8f5533533e5bf393a4047cea0bc2340b52368282864dcb9d4f71cd821a96fd9ae3da4f36552789e17620163b415b35966a813e8a47685eb976
SSDEEP

3072:1tDntolMpV3l4vYFpsjpxDFIKYpfCHKktjKO5t1HGDhlnVOFPnT:1tJoiV4vBjPDFI/Ax6hlnVOFP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
760	Unicorn-4078.exe
2920	Unicorn-46414.exe
2200	Unicorn-28494.exe
2052	Unicorn-9167.exe
2560	Unicorn-21974.exe
2748	Unicorn-41840.exe
2388	Unicorn-51887.exe
2372	Unicorn-32213.exe
2692	Unicorn-52079.exe
2720	Unicorn-46739.exe
764	Unicorn-1067.exe
2300	Unicorn-25710.exe
628	Unicorn-36762.exe
2248	Unicorn-21687.exe
1936	Unicorn-26478.exe
2264	Unicorn-26478.exe
2092	Unicorn-26670.exe
2364	Unicorn-22263.exe
608	Unicorn-34195.exe
896	Unicorn-34195.exe
452	Unicorn-57843.exe
2112	Unicorn-38169.exe
1812	Unicorn-25939.exe
1668	Unicorn-27885.exe
1368	Unicorn-23670.exe
1780	Unicorn-38937.exe
1632	Unicorn-38937.exe
2740	Unicorn-58803.exe
876	Unicorn-50101.exe
1960	Unicorn-14776.exe
1608	Unicorn-48217.exe
2076	Unicorn-17813.exe
2008	Unicorn-17813.exe
2176	Unicorn-30261.exe
2572	Unicorn-51087.exe
2496	Unicorn-64278.exe
3004	Unicorn-33874.exe
2612	Unicorn-14200.exe
2636	Unicorn-39468.exe
2400	Unicorn-34869.exe
2616	Unicorn-4849.exe
2072	Unicorn-22447.exe
344	Unicorn-52659.exe
1908	Unicorn-9398.exe
1540	Unicorn-26996.exe
320	Unicorn-7130.exe
1508	Unicorn-24692.exe
2036	Unicorn-5018.exe
2276	Unicorn-40535.exe
2800	Unicorn-42481.exe
2792	Unicorn-42673.exe
672	Unicorn-38266.exe
1048	Unicorn-56248.exe
1220	Unicorn-44245.exe
1840	Unicorn-64110.exe
1804	Unicorn-65070.exe
304	Unicorn-60856.exe
2912	Unicorn-29902.exe
2972	Unicorn-42708.exe
2824	Unicorn-12688.exe
1568	Unicorn-12880.exe
1604	Unicorn-12880.exe
3028	Unicorn-30478.exe
2744	Unicorn-14826.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
760	Unicorn-4078.exe
760	Unicorn-4078.exe
2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
2920	Unicorn-46414.exe
2920	Unicorn-46414.exe
2200	Unicorn-28494.exe
2200	Unicorn-28494.exe
760	Unicorn-4078.exe
760	Unicorn-4078.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2560	Unicorn-21974.exe
2560	Unicorn-21974.exe
2920	Unicorn-46414.exe
2920	Unicorn-46414.exe
2052	Unicorn-9167.exe
2200	Unicorn-28494.exe
2052	Unicorn-9167.exe
2200	Unicorn-28494.exe
2748	Unicorn-41840.exe
2748	Unicorn-41840.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
1044	WerFault.exe
1044	WerFault.exe
1044	WerFault.exe
1044	WerFault.exe
1044	WerFault.exe
2312	WerFault.exe
2388	Unicorn-51887.exe
2388	Unicorn-51887.exe
2560	Unicorn-21974.exe
2560	Unicorn-21974.exe
2748	Unicorn-41840.exe
2748	Unicorn-41840.exe
2720	Unicorn-46739.exe
2692	Unicorn-52079.exe
2692	Unicorn-52079.exe
2720	Unicorn-46739.exe
2372	Unicorn-32213.exe
2372	Unicorn-32213.exe
2052	Unicorn-9167.exe
2052	Unicorn-9167.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1376	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2632	2192	WerFault.exe	27
2508	760	WerFault.exe	28
2312	2920	WerFault.exe	29
1044	2200	WerFault.exe	30
1376	2560	WerFault.exe	34
1480	2052	WerFault.exe	32
2204	2748	WerFault.exe	33
1684	2388	WerFault.exe	36
1984	2692	WerFault.exe	38
2936	2720	WerFault.exe	39
576	2372	WerFault.exe	37
2680	2248	WerFault.exe	45
1948	628	WerFault.exe	44
2684	2264	WerFault.exe	47
1892	1936	WerFault.exe	46
2484	2092	WerFault.exe	48
1944	2364	WerFault.exe	49
2868	896	WerFault.exe	53
2644	2112	WerFault.exe	56
2444	608	WerFault.exe	54
2664	452	WerFault.exe	55
1244	1668	WerFault.exe	58
1920	1780	WerFault.exe	61
1432	2740	WerFault.exe	62
844	1368	WerFault.exe	59
1992	1632	WerFault.exe	60
1288	1812	WerFault.exe	57
2640	876	WerFault.exe	67
2500	1960	WerFault.exe	68
2456	2008	WerFault.exe	70
2668	2076	WerFault.exe	71
2368	2176	WerFault.exe	72
1932	1608	WerFault.exe	69
3064	2496	WerFault.exe	74
696	2572	WerFault.exe	73
2900	3004	WerFault.exe	75
1968	2612	WerFault.exe	76
2816	2400	WerFault.exe	78
2464	2072	WerFault.exe	80
1964	344	WerFault.exe	81
2576	2616	WerFault.exe	79
2628	2636	WerFault.exe	77
3332	1908	WerFault.exe	87
3376	2584	WerFault.exe	111
3404	2800	WerFault.exe	94
3464	2792	WerFault.exe	96
3512	3028	WerFault.exe	108
3548	320	WerFault.exe	89
3628	1540	WerFault.exe	90
3632	2844	WerFault.exe	110
3720	1268	WerFault.exe	122
3764	908	WerFault.exe	125
3808	884	WerFault.exe	129
3816	1756	WerFault.exe	127
3936	2216	WerFault.exe	124
3960	1220	WerFault.exe	98
3980	2036	WerFault.exe	92
4080	2516	WerFault.exe	109
4088	1604	WerFault.exe	106
3196	1736	WerFault.exe	130
3232	2944	WerFault.exe	126
3156	1508	WerFault.exe	91
3328	2528	WerFault.exe	134
3236	2228	WerFault.exe	135

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
760	Unicorn-4078.exe
2920	Unicorn-46414.exe
2200	Unicorn-28494.exe
2560	Unicorn-21974.exe
2052	Unicorn-9167.exe
2748	Unicorn-41840.exe
2388	Unicorn-51887.exe
2720	Unicorn-46739.exe
2692	Unicorn-52079.exe
2372	Unicorn-32213.exe
2300	Unicorn-25710.exe
628	Unicorn-36762.exe
2248	Unicorn-21687.exe
2264	Unicorn-26478.exe
1936	Unicorn-26478.exe
2092	Unicorn-26670.exe
2364	Unicorn-22263.exe
896	Unicorn-34195.exe
608	Unicorn-34195.exe
452	Unicorn-57843.exe
2112	Unicorn-38169.exe
1812	Unicorn-25939.exe
1668	Unicorn-27885.exe
1368	Unicorn-23670.exe
1632	Unicorn-38937.exe
1780	Unicorn-38937.exe
2740	Unicorn-58803.exe
876	Unicorn-50101.exe
1960	Unicorn-14776.exe
1608	Unicorn-48217.exe
2008	Unicorn-17813.exe
2076	Unicorn-17813.exe
2176	Unicorn-30261.exe
2572	Unicorn-51087.exe
2496	Unicorn-64278.exe
3004	Unicorn-33874.exe
2612	Unicorn-14200.exe
2400	Unicorn-34869.exe
2636	Unicorn-39468.exe
2616	Unicorn-4849.exe
2072	Unicorn-22447.exe
344	Unicorn-52659.exe
1908	Unicorn-9398.exe
1540	Unicorn-26996.exe
320	Unicorn-7130.exe
1508	Unicorn-24692.exe
2036	Unicorn-5018.exe
2276	Unicorn-40535.exe
2800	Unicorn-42481.exe
672	Unicorn-38266.exe
2792	Unicorn-42673.exe
1048	Unicorn-56248.exe
1220	Unicorn-44245.exe
1840	Unicorn-64110.exe
1804	Unicorn-65070.exe
304	Unicorn-60856.exe
2912	Unicorn-29902.exe
2972	Unicorn-42708.exe
2824	Unicorn-12688.exe
1604	Unicorn-12880.exe
1568	Unicorn-12880.exe
2844	Unicorn-25879.exe
2744	Unicorn-14826.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 760	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 760	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 760	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	28
PID 2192 wrote to memory of 760	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	28
PID 760 wrote to memory of 2920	760	Unicorn-4078.exe	29
PID 760 wrote to memory of 2920	760	Unicorn-4078.exe	29
PID 760 wrote to memory of 2920	760	Unicorn-4078.exe	29
PID 760 wrote to memory of 2920	760	Unicorn-4078.exe	29
PID 2192 wrote to memory of 2200	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2200	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2200	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2200	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	30
PID 2192 wrote to memory of 2632	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	31
PID 2192 wrote to memory of 2632	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	31
PID 2192 wrote to memory of 2632	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	31
PID 2192 wrote to memory of 2632	2192	1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe	31
PID 2920 wrote to memory of 2052	2920	Unicorn-46414.exe	32
PID 2920 wrote to memory of 2052	2920	Unicorn-46414.exe	32
PID 2920 wrote to memory of 2052	2920	Unicorn-46414.exe	32
PID 2920 wrote to memory of 2052	2920	Unicorn-46414.exe	32
PID 2200 wrote to memory of 2748	2200	Unicorn-28494.exe	33
PID 2200 wrote to memory of 2748	2200	Unicorn-28494.exe	33
PID 2200 wrote to memory of 2748	2200	Unicorn-28494.exe	33
PID 2200 wrote to memory of 2748	2200	Unicorn-28494.exe	33
PID 760 wrote to memory of 2560	760	Unicorn-4078.exe	34
PID 760 wrote to memory of 2560	760	Unicorn-4078.exe	34
PID 760 wrote to memory of 2560	760	Unicorn-4078.exe	34
PID 760 wrote to memory of 2560	760	Unicorn-4078.exe	34
PID 760 wrote to memory of 2508	760	Unicorn-4078.exe	35
PID 760 wrote to memory of 2508	760	Unicorn-4078.exe	35
PID 760 wrote to memory of 2508	760	Unicorn-4078.exe	35
PID 760 wrote to memory of 2508	760	Unicorn-4078.exe	35
PID 2560 wrote to memory of 2388	2560	Unicorn-21974.exe	36
PID 2560 wrote to memory of 2388	2560	Unicorn-21974.exe	36
PID 2560 wrote to memory of 2388	2560	Unicorn-21974.exe	36
PID 2560 wrote to memory of 2388	2560	Unicorn-21974.exe	36
PID 2920 wrote to memory of 2372	2920	Unicorn-46414.exe	37
PID 2920 wrote to memory of 2372	2920	Unicorn-46414.exe	37
PID 2920 wrote to memory of 2372	2920	Unicorn-46414.exe	37
PID 2920 wrote to memory of 2372	2920	Unicorn-46414.exe	37
PID 2052 wrote to memory of 2692	2052	Unicorn-9167.exe	38
PID 2052 wrote to memory of 2692	2052	Unicorn-9167.exe	38
PID 2052 wrote to memory of 2692	2052	Unicorn-9167.exe	38
PID 2052 wrote to memory of 2692	2052	Unicorn-9167.exe	38
PID 2200 wrote to memory of 2720	2200	Unicorn-28494.exe	39
PID 2200 wrote to memory of 2720	2200	Unicorn-28494.exe	39
PID 2200 wrote to memory of 2720	2200	Unicorn-28494.exe	39
PID 2200 wrote to memory of 2720	2200	Unicorn-28494.exe	39
PID 2748 wrote to memory of 764	2748	Unicorn-41840.exe	40
PID 2748 wrote to memory of 764	2748	Unicorn-41840.exe	40
PID 2748 wrote to memory of 764	2748	Unicorn-41840.exe	40
PID 2748 wrote to memory of 764	2748	Unicorn-41840.exe	40
PID 2920 wrote to memory of 2312	2920	Unicorn-46414.exe	41
PID 2920 wrote to memory of 2312	2920	Unicorn-46414.exe	41
PID 2920 wrote to memory of 2312	2920	Unicorn-46414.exe	41
PID 2920 wrote to memory of 2312	2920	Unicorn-46414.exe	41
PID 2200 wrote to memory of 1044	2200	Unicorn-28494.exe	42
PID 2200 wrote to memory of 1044	2200	Unicorn-28494.exe	42
PID 2200 wrote to memory of 1044	2200	Unicorn-28494.exe	42
PID 2200 wrote to memory of 1044	2200	Unicorn-28494.exe	42
PID 2388 wrote to memory of 2300	2388	Unicorn-51887.exe	43
PID 2388 wrote to memory of 2300	2388	Unicorn-51887.exe	43
PID 2388 wrote to memory of 2300	2388	Unicorn-51887.exe	43
PID 2388 wrote to memory of 2300	2388	Unicorn-51887.exe	43

C:\Users\Admin\AppData\Local\Temp\1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1f8b3a25ad390fed053f5ff32bcf0230_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52938.exe
        10⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        11⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        12⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        13⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        14⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1554.exe
        15⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        16⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        15⤵
        
        PID:11608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 220
        14⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        13⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        12⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 216
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        11⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        12⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10324.exe
        13⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        14⤵
        
        PID:11556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        15⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        14⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        13⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        12⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
        11⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        10⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24539.exe
        11⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38807.exe
        12⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56623.exe
        13⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        14⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 236
        14⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        13⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        12⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        11⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        10⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        9⤵
        Program crash
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10612.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
        10⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32100.exe
        11⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33836.exe
        12⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
        13⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        14⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 216
        14⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        13⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33309.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        11⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        12⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13188.exe
        13⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
        13⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 236
        12⤵
        
        PID:10856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
        9⤵
        Program crash
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
        8⤵
        Program crash
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        8⤵
        Executes dropped EXE
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28192.exe
        10⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        11⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        12⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        13⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        14⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        13⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        12⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        11⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
        10⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
        9⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15283.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-793.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        12⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37412.exe
        13⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
        13⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 220
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        9⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        8⤵
        Program crash
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        Program crash
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        10⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        11⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        12⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41074.exe
        13⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32602.exe
        14⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
        13⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        12⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        11⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        9⤵
        Program crash
        
        PID:3376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
        8⤵
        Program crash
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10804.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        11⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
        12⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        13⤵
        
        PID:11888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        14⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        13⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        12⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 236
        11⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2341.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52083.exe
        11⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        12⤵
        
        PID:12984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        12⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 220
        11⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 220
        7⤵
        Program crash
        
        PID:844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34791.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64030.exe
        11⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        12⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        13⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
        14⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
        14⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 220
        13⤵
        
        PID:10340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        12⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:5456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        11⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63821.exe
        12⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        13⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
        13⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        12⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        10⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8285.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39767.exe
        11⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        12⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        13⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        13⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        12⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        10⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        8⤵
        Program crash
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42255.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
        10⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        11⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43100.exe
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        12⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        11⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        8⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        7⤵
        Program crash
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        8⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        12⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        13⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        14⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
        13⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 220
        12⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 236
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45479.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        10⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        11⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 220
        10⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 220
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        11⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
        12⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 216
        12⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        11⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        10⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        9⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
        8⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 220
        7⤵
        Program crash
        
        PID:2816
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        6⤵
        Program crash
        
        PID:1944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        8⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        9⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        10⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        11⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8325.exe
        12⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        13⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 236
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
        12⤵
        
        PID:10932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 216
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        11⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11936 -s 220
        13⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
        12⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        11⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
        10⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        7⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58555.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        10⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26302.exe
        11⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        12⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
        11⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        10⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        7⤵
        Program crash
        
        PID:1932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        6⤵
        Program crash
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52170.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        9⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 220
        10⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63076.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        9⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        11⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 220
        8⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        7⤵
        Program crash
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22615.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        9⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26156.exe
        10⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        11⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        12⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        11⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
        10⤵
        
        PID:8364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3517.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        8⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
        10⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42103.exe
        11⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 220
        11⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 220
        10⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 220
        9⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        8⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        7⤵
        
        PID:4676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220
        6⤵
        Program crash
        
        PID:1920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        5⤵
        Program crash
        
        PID:576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        10⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55711.exe
        11⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe
        12⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        13⤵
        
        PID:10196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        14⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
        14⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        11⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
        10⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36853.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        10⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        11⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9489.exe
        12⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 212
        13⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        12⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
        9⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
        8⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        9⤵
        Program crash
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        8⤵
        Program crash
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4754.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        9⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
        11⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44123.exe
        12⤵
        
        PID:9060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        13⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        14⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 236
        13⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 220
        12⤵
        
        PID:10140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
        11⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        10⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        9⤵
        Program crash
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41647.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        11⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        12⤵
        
        PID:11728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        13⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        11⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
        8⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54998.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38394.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57106.exe
        11⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        12⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        13⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
        14⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 216
        13⤵
        
        PID:11932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        12⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        11⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
        9⤵
        Program crash
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55233.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        11⤵
        
        PID:8792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
        12⤵
        
        PID:12892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 220
        11⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        10⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2117.exe
        10⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28058.exe
        11⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28430.exe
        12⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        11⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        9⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        8⤵
        Program crash
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        7⤵
        Program crash
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42464.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        11⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38497.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        13⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
        13⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
        12⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        9⤵
        Program crash
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        10⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9411.exe
        11⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
        12⤵
        
        PID:12004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
        13⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
        12⤵
        
        PID:2344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        11⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        10⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        8⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50097.exe
        11⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16385.exe
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
        12⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 220
        11⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        9⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        8⤵
        Program crash
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        7⤵
        Program crash
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34767.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        11⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
        12⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 220
        12⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 236
        8⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34217.exe
        8⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        9⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
        10⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        11⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        12⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
        11⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        10⤵
        
        PID:10172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        9⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        7⤵
        Program crash
        
        PID:3980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        6⤵
        Program crash
        
        PID:2644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        5⤵
        Program crash
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        12⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        13⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        14⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        13⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        12⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        10⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        11⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        12⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 204
        12⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
        11⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:8024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        9⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48733.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3246.exe
        9⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35867.exe
        11⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        12⤵
        
        PID:11632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
        13⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
        12⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        8⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        7⤵
        Program crash
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2118.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4825.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-520.exe
        11⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        12⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
        12⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:10896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        7⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        10⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
        11⤵
        
        PID:11992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37641.exe
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
        11⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 220
        10⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        9⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        8⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        7⤵
        
        PID:4236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
        6⤵
        Program crash
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64278.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48256.exe
        10⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22993.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24906.exe
        12⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
        12⤵
        
        PID:13308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        11⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        10⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61403.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        10⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        11⤵
        
        PID:12088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
        12⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
        11⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 220
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 220
        8⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        7⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5094.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        9⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        10⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        11⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
        11⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 220
        10⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
        9⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
        7⤵
        
        PID:4160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55180.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
        9⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
        10⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        10⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        9⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
        7⤵
        
        PID:4504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        6⤵
        Program crash
        
        PID:3064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        5⤵
        Program crash
        
        PID:1948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
      4⤵
      Executes dropped EXE
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54640.exe
        8⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        10⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51201.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        12⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
        13⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
        13⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 220
        12⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        11⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        10⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52535.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15383.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        11⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6216.exe
        12⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26432.exe
        13⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
        10⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        11⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27573.exe
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
        12⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        11⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        10⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        8⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        7⤵
        Program crash
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        12⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        13⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        12⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8466.exe
        9⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        10⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        11⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 236
        11⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 220
        10⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        9⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        8⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
        7⤵
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 220
        6⤵
        Program crash
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37043.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        10⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        11⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        12⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 220
        11⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        9⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        8⤵
        Program crash
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5337.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        10⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 220
        10⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        8⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41923.exe
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        10⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        11⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
        11⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        10⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        9⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        8⤵
        
        PID:5800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        6⤵
        Program crash
        
        PID:2368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        5⤵
        Program crash
        
        PID:2680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54319.exe
        11⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        12⤵
        
        PID:12912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 220
        12⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        10⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        8⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        9⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
        10⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        10⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        9⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
        8⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        7⤵
        
        PID:4476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        6⤵
        Program crash
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
        7⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
        9⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52120.exe
        11⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
        12⤵
        
        PID:11516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        13⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
        12⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        11⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        10⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36271.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        11⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        12⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        10⤵
        
        PID:10116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 220
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35421.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        9⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        10⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
        11⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
        11⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        10⤵
        
        PID:11176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        8⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14336.exe
        8⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64239.exe
        11⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
        12⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        11⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        10⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        9⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        8⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        7⤵
        
        PID:4820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        6⤵
        Program crash
        
        PID:1968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        5⤵
        Program crash
        
        PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38937.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32653.exe
        6⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16859.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        9⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
        10⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        11⤵
        
        PID:12060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
        11⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        10⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        9⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        8⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
        7⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
        6⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32761.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        9⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        10⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        10⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 236
        9⤵
        
        PID:10768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        8⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        7⤵
        
        PID:5364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        6⤵
        Program crash
        
        PID:3960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        5⤵
        Program crash
        
        PID:1992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
      4⤵
      Program crash
      PID:2936
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
  2⤵
  - Program crash
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe

Filesize
184KB

MD5
eae9b6273991e0147b74b01370ea9039

SHA1
c9d46847950f219a51fab335a1dc827873a338de

SHA256
3e470793b19e148716d697979a27488fc764b592a0f9cd20eba05209db7d2d55

SHA512
2a0f13d567516d7ea6356773bce9442caf118688d210652e1b473acb75a9b4452cc58ae83b9fb38e4356b15486b26bb51324ad705ff53f7bba6eee1d9b2232b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe

Filesize
184KB

MD5
69e0593bbe2c95dc04c30eb902f6be2c

SHA1
3fb50dfc0732c94d8629f9d3f0b73fc907f1f3b2

SHA256
b099764522a19fe20f00297f554658a4c16d018a9587e8021f604a72a86144d7

SHA512
12e041978b7b2f280c13fedf11e5cba81633bddc99729718170cb0c6730a66ce94c9e46ef143791cbf8870b04fff1ce97c14b6f2ac28f51a6b8d8219ad29f7dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe

Filesize
184KB

MD5
663724b787d21a62cbbf908cc3880542

SHA1
90bb279ce244d9d82559fa69dd88420c8fa111ed

SHA256
6f9e2c15878d6b7f4b4362a0115738acb47b1a3736fc90ba8609feda882633e4

SHA512
d3f1c09cf433adde221f5e601cdb1b4a1c7a0c8a0bb2eafe715670b7feb51549f8aaaa3d03900fda4ea52a9d6d538cfa5251a5bcd46d6f00de3890c5dbfb1f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53479.exe

Filesize
184KB

MD5
b896b528b74853adbff104de806aff4d

SHA1
d91c04ff4148f8a7731723df510212e029b0ddc8

SHA256
09ef1c396969c4dafd471d3deece53f2df31c0e2aed47fe6af76c3fd15616e3d

SHA512
2940fe65c7a66435ed82005077cb17ed5f43dd01d0c9eed6b2013f27d1eb7911e8c34c1c6cd6ebd17118266eb3f66ff0f4e8c8044a576c1b61b8034518d8efa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56596.exe

Filesize
184KB

MD5
02c389206875bac3214f1835241fd701

SHA1
55ea4f2e83ccc67b7989211cc105be71d4e5b68c

SHA256
35149be54048189ba5ee8a25ec65434cdc70d5e69c107a860e058e2e2c97213a

SHA512
2545249c594d546afb6db158262448b5af9b52a0df96dc597fe170e375d2882acfb7a0c220665e4418ba30aa0bcff20c1dd1ab2779bce9f3991f05b9657b1612

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe

Filesize
184KB

MD5
b310a1058395fc7e26c520a4a7b2fcd9

SHA1
493bc7be0dedd6c05fcb8fd5cdbcccee1eeb12a8

SHA256
4634a473568961ad05025aa763080c69927ed5be4aa5901db1ddbfae441aa585

SHA512
e8f6d8d377b31de338813f58bf2acd53828cf7e62f8d0744ff8e926c33d5c8e31215fc1b33d854d832a159b7e728195cb9ff4564976f24e2f1d2516f6adfac7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe

Filesize
184KB

MD5
9b19314cef1f42bb0633b36156b22aa5

SHA1
cdd2e16cb5e68d9bb2084594ae7601df8cabb0a8

SHA256
1d23ab1eb55a331cb1d12a9661d07e8c91c51036e520bab4366f2f255bb2d9a1

SHA512
fdf34d9c7b045eddc9e5d6a59ba784f5abfd8b17b8c16edc4431475e54b2cac1cb2e7d925a9dad2a9b0e5c98465f50a4f22a0cdf7b88c547db9c560dcede32a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe

Filesize
184KB

MD5
7089ff4474a23691e7eec798d4b56ace

SHA1
1337fb39d6d13fbdff3a66f6ecfa1ee9e25199e5

SHA256
48cba16ef99b360e84e6f1b2371995897a7630a2bdfd913704aa881106315a35

SHA512
68dc2c2302a97bb2902f855f0b962a1e2a26e277be359d994686b4a9b64edd4f9f3f4c7603c138075d9a38fd4f59d355b766dd88ebf36f4fc158497d6bd5af1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21687.exe

Filesize
184KB

MD5
7596fecf0d8fb3b45e642fee690768c7

SHA1
7e4e3e1e7df01fa6dc09ab92fe72d1bbbe211d1d

SHA256
0911699fe071bd1079c55267a8f5648823988bbb33f91348f21cdc03661744ff

SHA512
e48dbd54248e4e5b6729c3dd6e21cd6b795a28ad23e248ec7626cb28fea4cc1c9a83690febfde40980dc2ebb36c91e1240b87f17a7668e9422000b4a954bbf2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe

Filesize
184KB

MD5
ca29e29de2029e19c7dbe23d7f4117e5

SHA1
3aa5f8a8fc1cb4cb189df466edc34fa56770c5f7

SHA256
f061f9035ab866d770c1281a5035f611fa938324d5b6d94b6951bb37dd286804

SHA512
cafd239c9f31166ed3771b5036b8b2897f4f6d612348aee057dfa78fec4c6885b3fc713711da43a477f06fafc3512569a4cf4f751c96e1cfbfe6f2822c3715a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe

Filesize
184KB

MD5
5c736132bf236fb02f755d9247c22bd5

SHA1
db069f08c8256ac0417722609ced32c23d4eae48

SHA256
8e65d75f8146611fd1cee44f224b16f3bf9f902db3d68d167e23b5c5a98e24b3

SHA512
ace71d39feec49371579856a33be31cee08585b35110c19c54d7d206226377eff4f578acb61c800e81a744a329250b65d336a578619742ae2386e3e55545a1c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe

Filesize
184KB

MD5
fcd5b8123aeb0a6220bebca876f9a716

SHA1
5f22357e0ddd47aa99b326122372cb741b73f10b

SHA256
726fb5ab52edc79675337a4b587d49fa5db2d7a3f8c45132c007b984b5595b3d

SHA512
e8f9a30abb67e94c5778c70bad3ed776597caff7eead2801e33f6b9871d8c5d6f9e6a4231442870660e176cbadcebbcdf5569d230ece6f86f8cae504f2613487

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe

Filesize
184KB

MD5
1c80a6b5525311b8c1f7a6421aaddc9b

SHA1
61b2ba407cf8290f4b3a57f517104584793fbbb0

SHA256
1f09f75bd1d0d8454c73df4b13317670cafb6e3df5ba886c986bc5e9ad791bff

SHA512
b83db2c6814641392f1ccb22410ca2f1fd2c9c5a98929b50a4b92e321a91aa384741f6b97b501a15faec2bbf0d430ed235388c3f270adc452bd3806f8d10795a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe

Filesize
184KB

MD5
0a72f45112c8094e761b9315d4488bdb

SHA1
7916339525c96b5a868a51b98dc51cde48468df2

SHA256
7502aa8cbaca91ba9dac47820e724080783be6783bc9089d8b6bba925be45f2f

SHA512
5bb40616309edc8260c1d4107fea208deb4e60e6fba4ee2d405b60f3f91062f1df8fb354b9b371fe7b3b92fd6a73600fc954d9a49332d6fedabdd418b08f8377

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4078.exe

Filesize
184KB

MD5
772c3a4214869bca58d2db2e246cf5ba

SHA1
9b4004e81b0595c6ec64d6c872f5b82914338b40

SHA256
a3d61576f83cd8c64887bc81f8c71d442b47db86f7b06cba578adc5601c17f4f

SHA512
2ce6e8fe633b820febe7ef3bc4e4260c61b772913188f30feda27a1ac27cf91cd7655fdf6f1322b1da110b1527d2241d661d85fded046f8368416b2825c96f30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46414.exe

Filesize
184KB

MD5
387108739ab557590393a771c6a6e79b

SHA1
f1a17b4e5c662fe4cce6ce7df15d48eb7623e3dc

SHA256
27e03a0702e362d4d5c83081a0d9bd37283a816006e809f66a7b4e58679633b9

SHA512
b9c74ed2a1ead9ad50b775ee979a6dcedc870692fa065736381835c4df529f569a1b4964397437313132d117b07e784eaccad4210785671ccb9db346e6d9e29e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46739.exe

Filesize
184KB

MD5
81b80ac9045f37fc17eff8e3b12999fa

SHA1
77c82f7f4265d88c0e4c05aae2ce456b08897ff7

SHA256
b5b01deb16f1af228b429ee151448255d2ab397d48b98e51dda91b64f0d50998

SHA512
dbbf726ea3860de8be53edfb3d5f0a3878a339935df1f53e5f77963602300f41b5d46cac957fd2716972a422e169f1c8d5bd4dbab15770f89053747d6fad5637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe

Filesize
184KB

MD5
bc4845661580bab7ed86f407f0d5606c

SHA1
f1e5beed4da9451ecd47b2fabaed36721e5bd15f

SHA256
02d5bf0c51bbe2f349dd9f20beee656a9be06f09a45e0de1349bc149a173ed72

SHA512
bec7d9cf9f27f5dda4375ee1fd6dfde0969c0a7f5e140c3fa978ac0925f9c3c3897bd7273a64de3d52cad2f080e16a93e31a03a2e5896ad295ae3eda60f7b0de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52079.exe

Filesize
184KB

MD5
b91cf41dd0e0a3c9fe81c0d456fd28da

SHA1
03a0b1e3d60e382c914e472155df09261a365f0b

SHA256
c0d3e8121e71a061706d2161b8d947b61d1282cb998f7656f8989cbe4d56a6f1

SHA512
24bd72fd1fcf620795c9200a19b150b21b0767e5b0519c305f7bc8ebe08a26a020b8cfc42701c5683856e22c890ce2c44b05b71827147bca1de5b870aaeaa97c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9167.exe

Filesize
184KB

MD5
1af2ee8173c2d76b1d79d7a1b4b04c89

SHA1
ef38913a9a88f9f3202056480455d2615395bd85

SHA256
6ba1de9bc406b3abc100afadac2dbd9dbd1aca21bde867ef505d854b885e80e0

SHA512
3c9fd3fe177fcf1571a054b88eec0cf1a192ce37cccd2d7f4c9a3d607a4ecea199ce132f5807fcd82c0a31866679b0f678832646c277fced9cd5e6e786bb696a

Download Submit
memory/2324-1117-0x0000000002890000-0x00000000029EC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads