6ee55a5728c2e5fe31b3b2a9c696d4e6aa63e778b4001b731fff00b91af19b10

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
Size

184KB
MD5

147bd9a3ad0a2fa6a9f370070f24a650
SHA1

dd0b59a87f4870d95564265e57e37bca045238d2
SHA256

6ee55a5728c2e5fe31b3b2a9c696d4e6aa63e778b4001b731fff00b91af19b10
SHA512

f59d58ca8cddd4cc9e159c565bb12b444a3513a49ce9ce748626cfb0863140cc5dbb74f8ef499dce8380a53bb6cf2894a07f5377311f058f8d4d08080557f289
SSDEEP

1536:67P/6yZddMRxohx1tJOApUwMzmIyvZclPmddB7Lq2+zew7hl5hj5nizpvG:sKsMRxoH7JOddz9WeC7Lqxp7hlnViF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2132	Unicorn-1911.exe
2988	Unicorn-5414.exe
2716	Unicorn-45933.exe
2552	Unicorn-27117.exe
2616	Unicorn-15419.exe
2516	Unicorn-35285.exe
3036	Unicorn-64231.exe
2120	Unicorn-18560.exe
1192	Unicorn-26728.exe
344	Unicorn-15414.exe
2288	Unicorn-35280.exe
2724	Unicorn-54086.exe
1232	Unicorn-59109.exe
2496	Unicorn-29774.exe
488	Unicorn-60246.exe
588	Unicorn-24367.exe
2192	Unicorn-4501.exe
2060	Unicorn-16941.exe
1616	Unicorn-33277.exe
2248	Unicorn-13411.exe
1288	Unicorn-31667.exe
1792	Unicorn-51533.exe
1240	Unicorn-2332.exe
2384	Unicorn-56172.exe
2924	Unicorn-35005.exe
1716	Unicorn-35005.exe
2356	Unicorn-23307.exe
1512	Unicorn-9042.exe
1068	Unicorn-62882.exe
756	Unicorn-33739.exe
1268	Unicorn-39446.exe
2504	Unicorn-58243.exe
2660	Unicorn-33931.exe
2524	Unicorn-33931.exe
2428	Unicorn-30401.exe
2664	Unicorn-30401.exe
2740	Unicorn-10303.exe
2512	Unicorn-55975.exe
2564	Unicorn-64143.exe
1884	Unicorn-25086.exe
2460	Unicorn-13388.exe
1552	Unicorn-17110.exe
312	Unicorn-17110.exe
2696	Unicorn-13580.exe
2820	Unicorn-41614.exe
3064	Unicorn-29916.exe
2848	Unicorn-38084.exe
912	Unicorn-54421.exe
812	Unicorn-58142.exe
992	Unicorn-46445.exe
448	Unicorn-15958.exe
2216	Unicorn-32294.exe
1212	Unicorn-12428.exe
772	Unicorn-40462.exe
2900	Unicorn-48630.exe
2348	Unicorn-36434.exe
2960	Unicorn-11738.exe
980	Unicorn-31604.exe
2948	Unicorn-28781.exe
2404	Unicorn-33419.exe
352	Unicorn-28973.exe
1376	Unicorn-3954.exe
2588	Unicorn-60493.exe
2224	Unicorn-43642.exe

Loads dropped DLL 64 IoCs

pid	Process
2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
2132	Unicorn-1911.exe
2132	Unicorn-1911.exe
2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
2988	Unicorn-5414.exe
2988	Unicorn-5414.exe
2716	Unicorn-45933.exe
2132	Unicorn-1911.exe
2716	Unicorn-45933.exe
2132	Unicorn-1911.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2716	Unicorn-45933.exe
2716	Unicorn-45933.exe
2516	Unicorn-35285.exe
2516	Unicorn-35285.exe
2616	Unicorn-15419.exe
2616	Unicorn-15419.exe
2988	Unicorn-5414.exe
2552	Unicorn-27117.exe
2552	Unicorn-27117.exe
2988	Unicorn-5414.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
552	WerFault.exe
2120	Unicorn-18560.exe
2120	Unicorn-18560.exe
2516	Unicorn-35285.exe
2516	Unicorn-35285.exe
3036	Unicorn-64231.exe
3036	Unicorn-64231.exe
344	Unicorn-15414.exe
344	Unicorn-15414.exe
2288	Unicorn-35280.exe
2288	Unicorn-35280.exe
2616	Unicorn-15419.exe
2616	Unicorn-15419.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1748	WerFault.exe
1180	WerFault.exe
1180	WerFault.exe
1180	WerFault.exe
1180	WerFault.exe
1180	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2592	2004	WerFault.exe	27
2448	2132	WerFault.exe	28
552	2988	WerFault.exe	29
1528	2716	WerFault.exe	30
1748	2516	WerFault.exe	33
1180	2616	WerFault.exe	34
1568	2552	WerFault.exe	32
2908	2120	WerFault.exe	37
2000	3036	WerFault.exe	36
888	344	WerFault.exe	40
1644	1192	WerFault.exe	38
1256	2288	WerFault.exe	39
296	1232	WerFault.exe	44
2952	2724	WerFault.exe	43
1916	2496	WerFault.exe	45
2572	488	WerFault.exe	46
1948	2192	WerFault.exe	48
1744	588	WerFault.exe	47
1988	2060	WerFault.exe	52
2804	1616	WerFault.exe	53
1520	1288	WerFault.exe	56
2508	2248	WerFault.exe	54
1964	2384	WerFault.exe	58
2956	1716	WerFault.exe	60
3052	2356	WerFault.exe	61
2444	2924	WerFault.exe	59
2664	1240	WerFault.exe	57
2704	1512	WerFault.exe	67
1596	1068	WerFault.exe	68
680	756	WerFault.exe	69
788	1268	WerFault.exe	70
1728	2504	WerFault.exe	71
1572	2660	WerFault.exe	72
768	2740	WerFault.exe	77
2852	2564	WerFault.exe	78
2112	2524	WerFault.exe	73
2088	2512	WerFault.exe	76
760	2428	WerFault.exe	74
3532	1884	WerFault.exe	85
3548	2460	WerFault.exe	86
3580	1552	WerFault.exe	88
3708	2848	WerFault.exe	92
3736	2696	WerFault.exe	89
3744	3064	WerFault.exe	91
3768	2820	WerFault.exe	90
3860	912	WerFault.exe	93
3892	812	WerFault.exe	94
3884	1212	WerFault.exe	97
4048	448	WerFault.exe	96
4076	2216	WerFault.exe	98
2828	992	WerFault.exe	95
4068	2900	WerFault.exe	100
4008	772	WerFault.exe	99
3848	2348	WerFault.exe	102
3452	980	WerFault.exe	106
3868	2960	WerFault.exe	105
3588	2948	WerFault.exe	111
4384	320	WerFault.exe	131
4428	1420	WerFault.exe	120
4620	2860	WerFault.exe	119
4648	1404	WerFault.exe	140
4656	2728	WerFault.exe	129
4684	2108	WerFault.exe	137
4704	1308	WerFault.exe	121

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
2132	Unicorn-1911.exe
2716	Unicorn-45933.exe
2988	Unicorn-5414.exe
2616	Unicorn-15419.exe
2516	Unicorn-35285.exe
2552	Unicorn-27117.exe
3036	Unicorn-64231.exe
1192	Unicorn-26728.exe
2120	Unicorn-18560.exe
344	Unicorn-15414.exe
2288	Unicorn-35280.exe
2724	Unicorn-54086.exe
1232	Unicorn-59109.exe
2496	Unicorn-29774.exe
488	Unicorn-60246.exe
2192	Unicorn-4501.exe
588	Unicorn-24367.exe
2060	Unicorn-16941.exe
1616	Unicorn-33277.exe
1288	Unicorn-31667.exe
2248	Unicorn-13411.exe
1792	Unicorn-51533.exe
1240	Unicorn-2332.exe
2384	Unicorn-56172.exe
2924	Unicorn-35005.exe
1716	Unicorn-35005.exe
2356	Unicorn-23307.exe
1512	Unicorn-9042.exe
1068	Unicorn-62882.exe
756	Unicorn-33739.exe
1268	Unicorn-39446.exe
2504	Unicorn-58243.exe
2660	Unicorn-33931.exe
2524	Unicorn-33931.exe
2740	Unicorn-10303.exe
2512	Unicorn-55975.exe
2428	Unicorn-30401.exe
2564	Unicorn-64143.exe
1884	Unicorn-25086.exe
2460	Unicorn-13388.exe
1552	Unicorn-17110.exe
312	Unicorn-17110.exe
2696	Unicorn-13580.exe
2848	Unicorn-38084.exe
2820	Unicorn-41614.exe
3064	Unicorn-29916.exe
912	Unicorn-54421.exe
812	Unicorn-58142.exe
448	Unicorn-15958.exe
992	Unicorn-46445.exe
1212	Unicorn-12428.exe
2216	Unicorn-32294.exe
772	Unicorn-40462.exe
2900	Unicorn-48630.exe
2348	Unicorn-36434.exe
2960	Unicorn-11738.exe
980	Unicorn-31604.exe
2948	Unicorn-28781.exe
2404	Unicorn-33419.exe
352	Unicorn-28973.exe
1376	Unicorn-3954.exe
2588	Unicorn-60493.exe
2224	Unicorn-43642.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2132	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	28
PID 2004 wrote to memory of 2132	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	28
PID 2004 wrote to memory of 2132	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	28
PID 2004 wrote to memory of 2132	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	28
PID 2132 wrote to memory of 2988	2132	Unicorn-1911.exe	29
PID 2132 wrote to memory of 2988	2132	Unicorn-1911.exe	29
PID 2132 wrote to memory of 2988	2132	Unicorn-1911.exe	29
PID 2132 wrote to memory of 2988	2132	Unicorn-1911.exe	29
PID 2004 wrote to memory of 2716	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	30
PID 2004 wrote to memory of 2716	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	30
PID 2004 wrote to memory of 2716	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	30
PID 2004 wrote to memory of 2716	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	30
PID 2004 wrote to memory of 2592	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	31
PID 2004 wrote to memory of 2592	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	31
PID 2004 wrote to memory of 2592	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	31
PID 2004 wrote to memory of 2592	2004	147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe	31
PID 2988 wrote to memory of 2552	2988	Unicorn-5414.exe	32
PID 2988 wrote to memory of 2552	2988	Unicorn-5414.exe	32
PID 2988 wrote to memory of 2552	2988	Unicorn-5414.exe	32
PID 2988 wrote to memory of 2552	2988	Unicorn-5414.exe	32
PID 2716 wrote to memory of 2516	2716	Unicorn-45933.exe	33
PID 2716 wrote to memory of 2516	2716	Unicorn-45933.exe	33
PID 2716 wrote to memory of 2516	2716	Unicorn-45933.exe	33
PID 2716 wrote to memory of 2516	2716	Unicorn-45933.exe	33
PID 2132 wrote to memory of 2616	2132	Unicorn-1911.exe	34
PID 2132 wrote to memory of 2616	2132	Unicorn-1911.exe	34
PID 2132 wrote to memory of 2616	2132	Unicorn-1911.exe	34
PID 2132 wrote to memory of 2616	2132	Unicorn-1911.exe	34
PID 2132 wrote to memory of 2448	2132	Unicorn-1911.exe	35
PID 2132 wrote to memory of 2448	2132	Unicorn-1911.exe	35
PID 2132 wrote to memory of 2448	2132	Unicorn-1911.exe	35
PID 2132 wrote to memory of 2448	2132	Unicorn-1911.exe	35
PID 2716 wrote to memory of 3036	2716	Unicorn-45933.exe	36
PID 2716 wrote to memory of 3036	2716	Unicorn-45933.exe	36
PID 2716 wrote to memory of 3036	2716	Unicorn-45933.exe	36
PID 2716 wrote to memory of 3036	2716	Unicorn-45933.exe	36
PID 2516 wrote to memory of 2120	2516	Unicorn-35285.exe	37
PID 2516 wrote to memory of 2120	2516	Unicorn-35285.exe	37
PID 2516 wrote to memory of 2120	2516	Unicorn-35285.exe	37
PID 2516 wrote to memory of 2120	2516	Unicorn-35285.exe	37
PID 2616 wrote to memory of 1192	2616	Unicorn-15419.exe	38
PID 2616 wrote to memory of 1192	2616	Unicorn-15419.exe	38
PID 2616 wrote to memory of 1192	2616	Unicorn-15419.exe	38
PID 2616 wrote to memory of 1192	2616	Unicorn-15419.exe	38
PID 2552 wrote to memory of 2288	2552	Unicorn-27117.exe	39
PID 2552 wrote to memory of 2288	2552	Unicorn-27117.exe	39
PID 2552 wrote to memory of 2288	2552	Unicorn-27117.exe	39
PID 2552 wrote to memory of 2288	2552	Unicorn-27117.exe	39
PID 2988 wrote to memory of 344	2988	Unicorn-5414.exe	40
PID 2988 wrote to memory of 344	2988	Unicorn-5414.exe	40
PID 2988 wrote to memory of 344	2988	Unicorn-5414.exe	40
PID 2988 wrote to memory of 344	2988	Unicorn-5414.exe	40
PID 2988 wrote to memory of 552	2988	Unicorn-5414.exe	41
PID 2988 wrote to memory of 552	2988	Unicorn-5414.exe	41
PID 2988 wrote to memory of 552	2988	Unicorn-5414.exe	41
PID 2988 wrote to memory of 552	2988	Unicorn-5414.exe	41
PID 2716 wrote to memory of 1528	2716	Unicorn-45933.exe	42
PID 2716 wrote to memory of 1528	2716	Unicorn-45933.exe	42
PID 2716 wrote to memory of 1528	2716	Unicorn-45933.exe	42
PID 2716 wrote to memory of 1528	2716	Unicorn-45933.exe	42
PID 2120 wrote to memory of 2724	2120	Unicorn-18560.exe	43
PID 2120 wrote to memory of 2724	2120	Unicorn-18560.exe	43
PID 2120 wrote to memory of 2724	2120	Unicorn-18560.exe	43
PID 2120 wrote to memory of 2724	2120	Unicorn-18560.exe	43

C:\Users\Admin\AppData\Local\Temp\147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\147bd9a3ad0a2fa6a9f370070f24a650_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 220
        8⤵
        Program crash
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        7⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 220
        7⤵
        Program crash
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        7⤵
        Program crash
        
        PID:3052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        6⤵
        Program crash
        
        PID:1256
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61069.exe
        9⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        11⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40961.exe
        12⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        13⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        14⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 220
        14⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        13⤵
        
        PID:10008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
        12⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        10⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2896.exe
        11⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        13⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        12⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        11⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        10⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        10⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        11⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
        12⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
        13⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        14⤵
        
        PID:13728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        13⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        12⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        11⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        10⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
        11⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
        12⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
        13⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        11⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 220
        10⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        9⤵
        Program crash
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        11⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
        12⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        13⤵
        
        PID:13568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
        13⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        12⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63534.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41639.exe
        11⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37699.exe
        12⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
        12⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        10⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
        9⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        8⤵
        Program crash
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53280.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11894.exe
        10⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        11⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27934.exe
        12⤵
        
        PID:8268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        13⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
        13⤵
        
        PID:13268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 220
        12⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 216
        11⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55621.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        11⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
        12⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
        12⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        11⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        12⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        10⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        8⤵
        Program crash
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        7⤵
        Program crash
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        10⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 212
        11⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        8⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61220.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        10⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
        11⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
        11⤵
        
        PID:13824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        10⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 216
        9⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 220
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
        7⤵
        Program crash
        
        PID:2852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
        6⤵
        Program crash
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56172.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58142.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        11⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        12⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
        13⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 220
        13⤵
        
        PID:14236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
        12⤵
        
        PID:10748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 220
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        11⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        12⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        13⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        12⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 236
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17462.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16566.exe
        10⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
        11⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
        12⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 220
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 220
        8⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        8⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34111.exe
        10⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        11⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30735.exe
        12⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
        12⤵
        
        PID:13360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 220
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60286.exe
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        10⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17165.exe
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 220
        11⤵
        
        PID:12580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 220
        10⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        9⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
        8⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        7⤵
        Program crash
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20992.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
        10⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        11⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        12⤵
        
        PID:14040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
        12⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        11⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2448.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        11⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:12556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
        10⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
        9⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        8⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        11⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:12424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        8⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
        7⤵
        Program crash
        
        PID:2828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 220
        6⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        5⤵
        Program crash
        
        PID:888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
        5⤵
        Program crash
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54421.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3031.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46444.exe
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        12⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        13⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        12⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
        9⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        10⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        11⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        11⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        10⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
        9⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-794.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        9⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        10⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        11⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        11⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        10⤵
        
        PID:10040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 220
        8⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        9⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13029.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        11⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        11⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
        8⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        7⤵
        Program crash
        
        PID:3860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
        6⤵
        Program crash
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        10⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        12⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        11⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        10⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
        11⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 220
        11⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        10⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 220
        9⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42175.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9720.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        10⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        11⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 236
        11⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        9⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
        10⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
        11⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        10⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 236
        9⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        8⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        7⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43374.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        9⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        10⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        10⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 220
        9⤵
        
        PID:9464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        8⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        7⤵
        
        PID:4176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        6⤵
        Program crash
        
        PID:2088
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Program crash
        
        PID:1948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1180
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33277.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33739.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28973.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37136.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        11⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        12⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        13⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        14⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        14⤵
        
        PID:12416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        13⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        12⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39797.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46685.exe
        11⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        12⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        13⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 220
        13⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        12⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41774.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        10⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        11⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37929.exe
        12⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59007.exe
        13⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        13⤵
        
        PID:13920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        12⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        11⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13808.exe
        12⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7279.exe
        13⤵
        
        PID:13476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 204
        13⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        11⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5781.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56724.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47839.exe
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 204
        12⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        9⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
        8⤵
        Program crash
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13580.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        11⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        12⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 220
        12⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:6644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
        10⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        11⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30984.exe
        12⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
        11⤵
        
        PID:9516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        9⤵
        Program crash
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37048.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24410.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        12⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22182.exe
        13⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
        12⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12178.exe
        10⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 236
        11⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 220
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        8⤵
        Program crash
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        7⤵
        Program crash
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28781.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        10⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        11⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
        12⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29650.exe
        13⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        14⤵
        
        PID:14164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
        13⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
        12⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        11⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20892.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        10⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7110.exe
        11⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11763.exe
        12⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        13⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 204
        13⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
        12⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 236
        11⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        9⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        10⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
        11⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
        12⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5025.exe
        13⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        12⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
        11⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        10⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        11⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20205.exe
        12⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
        11⤵
        
        PID:11392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
        10⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        Program crash
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39619.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
        12⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        11⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43732.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
        10⤵
        
        PID:9028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
        11⤵
        
        PID:12320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 236
        11⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        10⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        8⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
        7⤵
        Program crash
        
        PID:788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        6⤵
        Program crash
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35989.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59838.exe
        11⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        12⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 220
        12⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        11⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
        8⤵
        Program crash
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        10⤵
        
        PID:8804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        11⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
        11⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 212
        11⤵
        
        PID:13524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        10⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        6⤵
        Program crash
        
        PID:2508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        5⤵
        Program crash
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19892.exe
        10⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        11⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        12⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        13⤵
        
        PID:12088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 220
        13⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        12⤵
        
        PID:9876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        10⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        11⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        12⤵
        
        PID:11408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        13⤵
        
        PID:13452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
        12⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 220
        11⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 240
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        11⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31835.exe
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
        12⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 220
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        9⤵
        Program crash
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3747.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        10⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
        11⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        12⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        13⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        12⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13029.exe
        10⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        11⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 220
        11⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 240
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        8⤵
        Program crash
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        7⤵
        Program crash
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30483.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46238.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        11⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        12⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
        13⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 220
        13⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 220
        12⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4676.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        11⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        12⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 240
        10⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35365.exe
        11⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6998.exe
        12⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
        12⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 220
        11⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        9⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        11⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
        12⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 220
        12⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 220
        11⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
        9⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 220
        8⤵
        Program crash
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
        7⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34941.exe
        9⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
        12⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        13⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        12⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1728.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        10⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        11⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        10⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        9⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        8⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        7⤵
        Program crash
        
        PID:3548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        6⤵
        Program crash
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        9⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
        11⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
        12⤵
        
        PID:12020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 220
        12⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
        11⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        10⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61737.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
        11⤵
        
        PID:11816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        11⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        10⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        9⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 240
        8⤵
        Program crash
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        7⤵
        Program crash
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11738.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        10⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        11⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 220
        12⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        11⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9741.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        10⤵
        
        PID:8904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7268.exe
        11⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
        11⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 220
        10⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        9⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        10⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
        11⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        11⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 220
        10⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        8⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
        7⤵
        Program crash
        
        PID:3868
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        6⤵
        Program crash
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        5⤵
        Program crash
        
        PID:296
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12247.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34967.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-805.exe
        11⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
        12⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        13⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
        13⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        12⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        11⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        10⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39605.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39202.exe
        10⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        11⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        12⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 220
        12⤵
        
        PID:13532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        11⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        9⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63597.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8577.exe
        11⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 220
        12⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 220
        11⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        9⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        8⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41203.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29965.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46289.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        12⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
        12⤵
        
        PID:14064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        11⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14525.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
        10⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        11⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
        11⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        Program crash
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        7⤵
        Program crash
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        10⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        11⤵
        
        PID:10688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-474.exe
        12⤵
        
        PID:13488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        11⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        10⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
        8⤵
        Program crash
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        7⤵
        Program crash
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17889.exe
        9⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
        10⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        11⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 220
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 216
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32601.exe
        8⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        9⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
        10⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 220
        10⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 220
        9⤵
        
        PID:9884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        7⤵
        
        PID:4844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        6⤵
        Program crash
        
        PID:760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        5⤵
        Program crash
        
        PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        10⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52801.exe
        11⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39728.exe
        12⤵
        
        PID:12024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 220
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        9⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        10⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        11⤵
        
        PID:11788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
        11⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        10⤵
        
        PID:9916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
        9⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        8⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        7⤵
        Program crash
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19560.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
        11⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        11⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13207.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29257.exe
        9⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        10⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
        10⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        9⤵
        
        PID:9624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        8⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5245.exe
        9⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
        10⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        10⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        9⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        8⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 220
        7⤵
        Program crash
        
        PID:4704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        6⤵
        Program crash
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
        9⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
        10⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
        11⤵
        
        PID:13668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
        11⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        10⤵
        
        PID:10876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 220
        9⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48605.exe
        8⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        9⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62758.exe
        10⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        10⤵
        
        PID:11900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        9⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        8⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25822.exe
        6⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        8⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        9⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        10⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        10⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
        9⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        7⤵
        
        PID:4504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        6⤵
        Program crash
        
        PID:3708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
        5⤵
        Program crash
        
        PID:1520
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
      4⤵
      Program crash
      PID:2000
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1528
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
  2⤵
  - Program crash
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15419.exe

Filesize
184KB

MD5
52ac86651b921475adf46b7e83e42e50

SHA1
60afaa2cc2e3bc44fd496495334978d32138d581

SHA256
987f7591013c9d0f018293c6a54bbaced9d8bee5c91c4d314b6dfee260d70663

SHA512
e6720140f0055dac5406dcc8607c9fffe6b472f8ff744ce704e42b3d1022bb0de4a4d498b18a89ec8379c698011bd637182968077f2fb51c449a1754173406f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe

Filesize
184KB

MD5
05802eeedaa6d34cd3dd94d060e2e911

SHA1
e67ba03327b8d5e53d55c16216008291e0a0515a

SHA256
ee17b321c763e2b1a78923a6eb1762742e416a6ecffff5f424dc17d06a3007b1

SHA512
6510cdf8c460a0802896ab1a740aff4562e7d9128a13bcafe5f0a7bc093706c9deeff6000013586409e9af2f781a46984b8a6ddafee44bafb554b5d133f72f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe

Filesize
184KB

MD5
1044c903b74825fba809c405e99d613d

SHA1
8108bf3cbb347d6ac2f239330e60b617a38db579

SHA256
24449d63777fcbf5894295858c9e7a003b81c9a7cdfc584950fe76a0a7f2ce2f

SHA512
a3edc6c2d973571d7ada8763239eea1e111de390f781671891b64bbb2b0444b875904f4161ff7929e2356dee33573c41a206394be1aa1a24d1939d20725afefc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe

Filesize
184KB

MD5
047ff364099bb927b44cfaa25642087b

SHA1
3d6368251a9a3baf8aff3a7ca2725652651cc801

SHA256
95bbd2097db6274d31d8b2df551d36473c5e77a8c350644f30eb44ab6575b14a

SHA512
80e3ddbbf737faf4d7e67f686f61fc4c5f7c3bc417d52329cc2cc20bc5d0a18639923335f436203d26ec0b1f1bb6724b22dfeae6d9bdfc0b7ba6e74703c07dc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15414.exe

Filesize
184KB

MD5
fd5e62c420b622805a4269d6162ede0f

SHA1
26559886faad3ad459f9280b1a9c70fe1adaf621

SHA256
134a82d652f7e59e3b34a65dfc3169a33047a525802c7359348d8a85dee49a63

SHA512
d31a17ede69ce429a8d6a0dc593cabeffe9847d78d01f78d499621e77d8a614721e9a357d13b93712f890ae5e25bf8e09f6882ceeca3d3cca67dcdf8d7a773e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe

Filesize
184KB

MD5
8b426eb4407e94997a7d93409f57cd1a

SHA1
e95c6703ba552b738b886289c7caadb7b0686040

SHA256
4bd603f9297f35d62d5299e860880f496c3ffbb6daca903c1b77832540b3cb63

SHA512
b4ae9ee0ebdd9d93a6fa82b4d2a565bbacaa529e17ac1e20827f4caed90b701d8838b693c280963a49d61894fca96c760d09d3d234ed0604c9639954e2ee6b4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe

Filesize
184KB

MD5
64a2612b80629c0a6e3c1b946ec16c37

SHA1
4489001642fa705a4b276fb824a17578c4c11893

SHA256
342b8922b3dc2af1862fbaae88f2ab03f5b10d87c0ffd41ec715af036afdd8f3

SHA512
b0ece688a9eb01183d811cf7301720f66f34908264d01aa407448d7dc380dd66ee4a30b00f312e5809d58dfb91db7f5f3573d56fd237de8c413268426bd79130

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe

Filesize
184KB

MD5
b87dce121657bd12684bf488c9440451

SHA1
3ba3f35f37c8aafd5600cde3848cc1882de093c7

SHA256
84460ffb410c29dd4f98c7ac183cb3613dc621f6077cde126526067de7e43d82

SHA512
14ee27a893edc9c36b55aba774f5dc7c71161d8a59325b1a1da2f22b69f741399ea425187a7466052b35911889b91c289573d208ead14cc6a6a44d96de1d3399

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe

Filesize
184KB

MD5
1f955bcabd2adf8b509ae17bb24f4c93

SHA1
dc3c87d26bb18c16569c87d1fa514d98be2a3057

SHA256
684a43fce808e7d96a3dd2b2a70f7918dfb6e73eb73c5448fe4dc24ad9c65290

SHA512
99fff4e7459bf7123d5eea039d59e1f1a35aea854e05859bbabe923bcb3ab54ebb0367199e418273e349208cac15effe1a1dfdc9d4c1842394e32dc4ffca3e91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe

Filesize
184KB

MD5
be4a87b71d6e718b6c0c70b8d3fb3096

SHA1
9e99e5b5e1bf889e919b0b68b164bcaae1564d7f

SHA256
d703295496fa93c3cf7d41fc643f8a1a8cd28290225e72b7b5f6a78f9b69566b

SHA512
3e74902ef4f24ab60b31aa280d2e016f2e26b0cdc0c2140230eb5d36de9a248be8b67092423dcf790c025ce26646d7fe596ae45be21d70e7ce5145ad3a9495c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe

Filesize
184KB

MD5
8720de1d5b8d939e9d548ad804b34ddf

SHA1
7df3616ff0122746448a71aee0b73d8e146ab852

SHA256
9db041d6013b354dccec9183f0f254cec7f75af73333416c99d7ae8a18177239

SHA512
6540adba28cf98e279fd9e2af20ce6b7c8986c1fac3cb336dfac080cbd958ba9990042ce93016be8e881ac18ad6ceeec54a405fa69e38b3fb6268dafe1d08a93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe

Filesize
184KB

MD5
a77baada7158ad547c9a93b4f0ec4b09

SHA1
f45a58d3890a5a49776f3e9877b2c11597edef40

SHA256
3557215fe12fb4ea91b401f85b5aeabfb3e3e97731089ef4ecd72e5f81b3d217

SHA512
ef465039b621415287f91e51dd3e9bd9223a0b446c1cb56cd7f5419bbca4d628c0e418fb1c133c0129534f51fa3137554f0bd4cf7afcb1ede4d538272c11fb5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe

Filesize
184KB

MD5
0c2a65c29a101fbc067e56f9d56e5bc5

SHA1
1944d96f2d3dbdac8aed9579abdefb900604022e

SHA256
331434ae818e6eda0c09fb487c101f5fe2ca138e3f822edee2bec531f7f18c82

SHA512
c798d97b8437536c55d6c6e1c40f77c3fe9799c67678c33afa3ab547a9c9174857c5636631ef9e6768f23e96665ca0b7c0f392d0a15b3f5b53028e1e0d502dfe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe

Filesize
184KB

MD5
c8499f71f49dcef76769cfeb28d1efa2

SHA1
fea7f2c3c46c885386122255e98048ea5289a2f5

SHA256
e239e0ed4df5e4b0822035a0923e380731fd9f43c9d35f804f777644d221bc80

SHA512
3b40079f0328d1bc3b1048b6eeac1634440bbdafb7226c2325d315fa04ac43f45e698ab9f928ae4e41f9373a7740a1f35fb2826109e7117f684b6e3e6e252c81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe

Filesize
184KB

MD5
d1bd69690e78b4dbc00ef6df6e8e56f0

SHA1
b2472824ffaaa3b2545347e9480397a00078f68f

SHA256
8d36e7610463e8d5e0f2a1fe5fa7ce19bd1177b026fb74050bcf49fd52ae2784

SHA512
06b2c35082875628048363f1c78cb1b280dd82c1a478f4ce392a7c3e93078f7225ec1b95c26769f8fd1fbee21f93fd1b126086c96ed02f283cfd74ce35dc38ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe

Filesize
184KB

MD5
be1b626f2f67ddb31f4eb48cdee69693

SHA1
6233377170d993d2e621db8e073fdbcb3b6cdf1b

SHA256
b4749b4ba1a1ca7db5d2306bb21c130d1f6a2bc8af21416a49caf79be9c61ba2

SHA512
e8ed693abc45a76f2a34b3acab8eb6ab0bbfa418057f96351e65a1156f18dee596c01f0285baf1cdf7699d8e1760eb9b8d1040ab7091b3de6a946c5d5a8bb144

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads