c9b6ce76651a8392cec744b1c9377d90383e30ec83059c299328c961fa29830e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-05-2024 05:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
Size

184KB
MD5

71bc78cc99f510d25cd4e6f2eeaf3630
SHA1

827212512cd08129bb9ce03c2c3d7eae4d0d5ee3
SHA256

c9b6ce76651a8392cec744b1c9377d90383e30ec83059c299328c961fa29830e
SHA512

06b113be5552b108ea73e9d8f85935b9f978e75048c191e2e55b594d46fbf777186e92231ae07cead59ef6b3ef527d265c3c0347cd6d0368651fedee8432a619
SSDEEP

1536:A7nl6iZmu3y6oRx1tIChllwbHLIyPCZcl6mdcxhLY2cfetbhl5hj5VizpvR:uAq3y6o37ICJqHEDeQhLYPsbhlnniFJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1636	Unicorn-3286.exe
2072	Unicorn-10909.exe
2652	Unicorn-48413.exe
2744	Unicorn-6052.exe
2484	Unicorn-2222.exe
2628	Unicorn-37848.exe
2964	Unicorn-17231.exe
2028	Unicorn-46566.exe
2096	Unicorn-894.exe
380	Unicorn-60375.exe
2800	Unicorn-40509.exe
880	Unicorn-64262.exe
400	Unicorn-15061.exe
308	Unicorn-6701.exe
2008	Unicorn-52373.exe
2220	Unicorn-36036.exe
488	Unicorn-55902.exe
1640	Unicorn-18740.exe
2108	Unicorn-50360.exe
304	Unicorn-63167.exe
1556	Unicorn-45871.exe
1372	Unicorn-25581.exe
1336	Unicorn-55492.exe
764	Unicorn-59021.exe
684	Unicorn-50661.exe
2368	Unicorn-42493.exe
2148	Unicorn-9628.exe
2084	Unicorn-47132.exe
1524	Unicorn-1460.exe
2316	Unicorn-30603.exe
2552	Unicorn-38117.exe
1648	Unicorn-57983.exe
2612	Unicorn-15991.exe
2456	Unicorn-57023.exe
2976	Unicorn-8206.exe
2756	Unicorn-21013.exe
3016	Unicorn-15051.exe
2848	Unicorn-55015.exe
2248	Unicorn-28626.exe
2508	Unicorn-40324.exe
2696	Unicorn-60422.exe
2708	Unicorn-64828.exe
2776	Unicorn-39063.exe
2796	Unicorn-19197.exe
2932	Unicorn-7459.exe
1960	Unicorn-28434.exe
2824	Unicorn-12098.exe
1936	Unicorn-31964.exe
544	Unicorn-52166.exe
1880	Unicorn-6727.exe
1352	Unicorn-10832.exe
1332	Unicorn-11901.exe
924	Unicorn-31999.exe
2284	Unicorn-60910.exe
660	Unicorn-32876.exe
2408	Unicorn-19878.exe
2400	Unicorn-57381.exe
2360	Unicorn-30158.exe
2432	Unicorn-6037.exe
1948	Unicorn-43348.exe
1520	Unicorn-59685.exe
1712	Unicorn-46686.exe
1976	Unicorn-50557.exe
2828	Unicorn-54771.exe

Loads dropped DLL 64 IoCs

pid	Process
1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
1636	Unicorn-3286.exe
1636	Unicorn-3286.exe
1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
2652	Unicorn-48413.exe
2652	Unicorn-48413.exe
2072	Unicorn-10909.exe
1636	Unicorn-3286.exe
1636	Unicorn-3286.exe
2072	Unicorn-10909.exe
1656	WerFault.exe
1656	WerFault.exe
1656	WerFault.exe
1656	WerFault.exe
1656	WerFault.exe
2628	Unicorn-37848.exe
2628	Unicorn-37848.exe
2744	Unicorn-6052.exe
2744	Unicorn-6052.exe
2072	Unicorn-10909.exe
2072	Unicorn-10909.exe
2484	Unicorn-2222.exe
2484	Unicorn-2222.exe
2652	Unicorn-48413.exe
2652	Unicorn-48413.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
2028	Unicorn-46566.exe
2028	Unicorn-46566.exe
2964	Unicorn-17231.exe
2964	Unicorn-17231.exe
380	Unicorn-60375.exe
380	Unicorn-60375.exe
2628	Unicorn-37848.exe
2628	Unicorn-37848.exe
2484	Unicorn-2222.exe
2484	Unicorn-2222.exe
2096	Unicorn-894.exe
2096	Unicorn-894.exe
2744	Unicorn-6052.exe
2744	Unicorn-6052.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe
688	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2444	1628	WerFault.exe	27
1656	1636	WerFault.exe	28
2832	2652	WerFault.exe	30
2960	2072	WerFault.exe	29
1736	2628	WerFault.exe	33
1692	2744	WerFault.exe	32
688	2484	WerFault.exe	34
1852	2028	WerFault.exe	38
3024	2964	WerFault.exe	36
1516	380	WerFault.exe	39
2632	2096	WerFault.exe	37
2588	2800	WerFault.exe	40
1092	880	WerFault.exe	43
2156	488	WerFault.exe	48
1688	2220	WerFault.exe	47
2416	2008	WerFault.exe	46
832	1640	WerFault.exe	49
828	400	WerFault.exe	44
1760	308	WerFault.exe	45
1980	2108	WerFault.exe	53
1836	304	WerFault.exe	54
2280	1556	WerFault.exe	55
1600	1372	WerFault.exe	56
2644	764	WerFault.exe	58
2664	1336	WerFault.exe	57
2616	684	WerFault.exe	59
2956	2368	WerFault.exe	60
3012	2148	WerFault.exe	61
2844	2316	WerFault.exe	64
2684	1524	WerFault.exe	63
2544	2084	WerFault.exe	62
2152	1648	WerFault.exe	71
3116	2756	WerFault.exe	75
3132	3016	WerFault.exe	76
3360	2932	WerFault.exe	84
3416	2696	WerFault.exe	80
3424	2612	WerFault.exe	72
3472	2976	WerFault.exe	74
3552	2508	WerFault.exe	79
3572	2552	WerFault.exe	70
3856	1936	WerFault.exe	87
3872	1880	WerFault.exe	90
3888	3304	WerFault.exe	186
4020	544	WerFault.exe	89
3452	660	WerFault.exe	99
3652	2432	WerFault.exe	105
3680	2076	WerFault.exe	118
3708	336	WerFault.exe	120
3700	1812	WerFault.exe	122
3736	2248	WerFault.exe	78
3800	2400	WerFault.exe	103
3816	2112	WerFault.exe	121
3836	2192	WerFault.exe	117
3740	1712	WerFault.exe	108
3992	1948	WerFault.exe	106
4048	2796	WerFault.exe	83
4016	1332	WerFault.exe	95
3096	1324	WerFault.exe	112
3092	1996	WerFault.exe	113
3300	2452	WerFault.exe	119
3352	1960	WerFault.exe	85
3400	2776	WerFault.exe	82
3456	1776	WerFault.exe	114
3760	2456	WerFault.exe	73

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
1636	Unicorn-3286.exe
2072	Unicorn-10909.exe
2652	Unicorn-48413.exe
2628	Unicorn-37848.exe
2744	Unicorn-6052.exe
2484	Unicorn-2222.exe
2028	Unicorn-46566.exe
2964	Unicorn-17231.exe
2800	Unicorn-40509.exe
380	Unicorn-60375.exe
2096	Unicorn-894.exe
880	Unicorn-64262.exe
2008	Unicorn-52373.exe
308	Unicorn-6701.exe
2220	Unicorn-36036.exe
400	Unicorn-15061.exe
488	Unicorn-55902.exe
1640	Unicorn-18740.exe
2108	Unicorn-50360.exe
304	Unicorn-63167.exe
1556	Unicorn-45871.exe
1372	Unicorn-25581.exe
1336	Unicorn-55492.exe
764	Unicorn-59021.exe
684	Unicorn-50661.exe
2368	Unicorn-42493.exe
2148	Unicorn-9628.exe
2084	Unicorn-47132.exe
2316	Unicorn-30603.exe
1524	Unicorn-1460.exe
1648	Unicorn-57983.exe
2552	Unicorn-38117.exe
2612	Unicorn-15991.exe
2456	Unicorn-57023.exe
2976	Unicorn-8206.exe
2756	Unicorn-21013.exe
3016	Unicorn-15051.exe
2848	Unicorn-55015.exe
2248	Unicorn-28626.exe
2696	Unicorn-60422.exe
2508	Unicorn-40324.exe
2708	Unicorn-64828.exe
2776	Unicorn-39063.exe
2932	Unicorn-7459.exe
2824	Unicorn-12098.exe
1960	Unicorn-28434.exe
2796	Unicorn-19197.exe
1936	Unicorn-31964.exe
544	Unicorn-52166.exe
1880	Unicorn-6727.exe
1352	Unicorn-10832.exe
924	Unicorn-31999.exe
1332	Unicorn-11901.exe
2284	Unicorn-60910.exe
660	Unicorn-32876.exe
2408	Unicorn-19878.exe
2400	Unicorn-57381.exe
2360	Unicorn-30158.exe
2432	Unicorn-6037.exe
1948	Unicorn-43348.exe
1520	Unicorn-59685.exe
1712	Unicorn-46686.exe
1976	Unicorn-50557.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1636	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	28
PID 1628 wrote to memory of 1636	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	28
PID 1628 wrote to memory of 1636	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	28
PID 1628 wrote to memory of 1636	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	28
PID 1636 wrote to memory of 2072	1636	Unicorn-3286.exe	29
PID 1636 wrote to memory of 2072	1636	Unicorn-3286.exe	29
PID 1636 wrote to memory of 2072	1636	Unicorn-3286.exe	29
PID 1636 wrote to memory of 2072	1636	Unicorn-3286.exe	29
PID 1628 wrote to memory of 2652	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	30
PID 1628 wrote to memory of 2652	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	30
PID 1628 wrote to memory of 2652	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	30
PID 1628 wrote to memory of 2652	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	30
PID 1628 wrote to memory of 2444	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	31
PID 1628 wrote to memory of 2444	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	31
PID 1628 wrote to memory of 2444	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	31
PID 1628 wrote to memory of 2444	1628	71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe	31
PID 2652 wrote to memory of 2744	2652	Unicorn-48413.exe	32
PID 2652 wrote to memory of 2744	2652	Unicorn-48413.exe	32
PID 2652 wrote to memory of 2744	2652	Unicorn-48413.exe	32
PID 2652 wrote to memory of 2744	2652	Unicorn-48413.exe	32
PID 1636 wrote to memory of 2484	1636	Unicorn-3286.exe	34
PID 1636 wrote to memory of 2484	1636	Unicorn-3286.exe	34
PID 2072 wrote to memory of 2628	2072	Unicorn-10909.exe	33
PID 1636 wrote to memory of 2484	1636	Unicorn-3286.exe	34
PID 1636 wrote to memory of 2484	1636	Unicorn-3286.exe	34
PID 2072 wrote to memory of 2628	2072	Unicorn-10909.exe	33
PID 2072 wrote to memory of 2628	2072	Unicorn-10909.exe	33
PID 2072 wrote to memory of 2628	2072	Unicorn-10909.exe	33
PID 1636 wrote to memory of 1656	1636	Unicorn-3286.exe	35
PID 1636 wrote to memory of 1656	1636	Unicorn-3286.exe	35
PID 1636 wrote to memory of 1656	1636	Unicorn-3286.exe	35
PID 1636 wrote to memory of 1656	1636	Unicorn-3286.exe	35
PID 2628 wrote to memory of 2964	2628	Unicorn-37848.exe	36
PID 2628 wrote to memory of 2964	2628	Unicorn-37848.exe	36
PID 2628 wrote to memory of 2964	2628	Unicorn-37848.exe	36
PID 2628 wrote to memory of 2964	2628	Unicorn-37848.exe	36
PID 2744 wrote to memory of 2096	2744	Unicorn-6052.exe	37
PID 2744 wrote to memory of 2096	2744	Unicorn-6052.exe	37
PID 2744 wrote to memory of 2096	2744	Unicorn-6052.exe	37
PID 2744 wrote to memory of 2096	2744	Unicorn-6052.exe	37
PID 2072 wrote to memory of 2028	2072	Unicorn-10909.exe	38
PID 2072 wrote to memory of 2028	2072	Unicorn-10909.exe	38
PID 2072 wrote to memory of 2028	2072	Unicorn-10909.exe	38
PID 2072 wrote to memory of 2028	2072	Unicorn-10909.exe	38
PID 2484 wrote to memory of 380	2484	Unicorn-2222.exe	39
PID 2484 wrote to memory of 380	2484	Unicorn-2222.exe	39
PID 2484 wrote to memory of 380	2484	Unicorn-2222.exe	39
PID 2484 wrote to memory of 380	2484	Unicorn-2222.exe	39
PID 2652 wrote to memory of 2800	2652	Unicorn-48413.exe	40
PID 2652 wrote to memory of 2800	2652	Unicorn-48413.exe	40
PID 2652 wrote to memory of 2800	2652	Unicorn-48413.exe	40
PID 2652 wrote to memory of 2800	2652	Unicorn-48413.exe	40
PID 2652 wrote to memory of 2832	2652	Unicorn-48413.exe	41
PID 2652 wrote to memory of 2832	2652	Unicorn-48413.exe	41
PID 2652 wrote to memory of 2832	2652	Unicorn-48413.exe	41
PID 2652 wrote to memory of 2832	2652	Unicorn-48413.exe	41
PID 2072 wrote to memory of 2960	2072	Unicorn-10909.exe	42
PID 2072 wrote to memory of 2960	2072	Unicorn-10909.exe	42
PID 2072 wrote to memory of 2960	2072	Unicorn-10909.exe	42
PID 2072 wrote to memory of 2960	2072	Unicorn-10909.exe	42
PID 2028 wrote to memory of 880	2028	Unicorn-46566.exe	43
PID 2028 wrote to memory of 880	2028	Unicorn-46566.exe	43
PID 2028 wrote to memory of 880	2028	Unicorn-46566.exe	43
PID 2028 wrote to memory of 880	2028	Unicorn-46566.exe	43

C:\Users\Admin\AppData\Local\Temp\71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\71bc78cc99f510d25cd4e6f2eeaf3630_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        11⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
        12⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        13⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        14⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
        14⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
        13⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        12⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        11⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe
        11⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
        12⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 204
        13⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        12⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 220
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        9⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
        11⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
        12⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        13⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
        13⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        12⤵
        
        PID:10196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        11⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        10⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        9⤵
        Program crash
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        8⤵
        Program crash
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28434.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5215.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
        11⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
        12⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33615.exe
        13⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 204
        13⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        12⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        10⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
        9⤵
        Program crash
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24339.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        11⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        12⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
        12⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
        10⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        9⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        8⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
        7⤵
        Program crash
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27280.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52995.exe
        11⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
        12⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
        13⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        12⤵
        
        PID:10048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        10⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
        9⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        10⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        11⤵
        
        PID:8924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2051.exe
        12⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
        12⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        11⤵
        
        PID:10224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        9⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        10⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
        11⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
        12⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 220
        11⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        9⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        8⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        Program crash
        
        PID:2544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        6⤵
        Program crash
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
        10⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38314.exe
        11⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45593.exe
        12⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        13⤵
        
        PID:10944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
        13⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        11⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        10⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        9⤵
        Program crash
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        8⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
        9⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        10⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        11⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
        11⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        10⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        9⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        8⤵
        Program crash
        
        PID:3992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        7⤵
        Program crash
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54771.exe
        7⤵
        Executes dropped EXE
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        9⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49030.exe
        10⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11213.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
        12⤵
        
        PID:11228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 220
        12⤵
        
        PID:12032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        11⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24519.exe
        10⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        11⤵
        
        PID:10416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 220
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 220
        10⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 220
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13294.exe
        10⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        10⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        9⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
        8⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        7⤵
        Program crash
        
        PID:3736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:2416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
        10⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20016.exe
        11⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57297.exe
        12⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        13⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59228.exe
        14⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
        14⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        13⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 220
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65495.exe
        10⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        11⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60523.exe
        12⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
        13⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
        13⤵
        
        PID:12064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
        10⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16613.exe
        9⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54800.exe
        10⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        11⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
        12⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61554.exe
        13⤵
        
        PID:10772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
        13⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        12⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        11⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        10⤵
        
        PID:6020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 220
        9⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        9⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        11⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54991.exe
        12⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        13⤵
        
        PID:10668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 216
        13⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        12⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        10⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
        11⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        12⤵
        
        PID:11500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
        12⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
        11⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
        9⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        8⤵
        Program crash
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30864.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
        10⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        11⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54778.exe
        12⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        13⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        13⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
        12⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        11⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17069.exe
        10⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
        11⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62021.exe
        12⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        10⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        9⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33939.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28247.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
        11⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        12⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 220
        11⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        8⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        7⤵
        Program crash
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        11⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7721.exe
        12⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        13⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
        12⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        9⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28065.exe
        9⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        10⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
        11⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        11⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        10⤵
        
        PID:7784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48388.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8941.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2844.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16756.exe
        10⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        11⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 220
        11⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 220
        10⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        8⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        7⤵
        Program crash
        
        PID:3572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        6⤵
        Program crash
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11901.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24252.exe
        12⤵
        
        PID:11148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        12⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        10⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        9⤵
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        8⤵
        Program crash
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
        11⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 204
        11⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        10⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        7⤵
        Program crash
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        11⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 204
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8587.exe
        10⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53578.exe
        11⤵
        
        PID:10688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
        11⤵
        
        PID:10648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
        10⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        8⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        7⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 200
        8⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 220
        7⤵
        
        PID:4504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        6⤵
        Program crash
        
        PID:1836
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
        5⤵
        Program crash
        
        PID:1852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
        9⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        10⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        11⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        12⤵
        
        PID:8196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
        13⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 204
        13⤵
        
        PID:11780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 220
        12⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        11⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65058.exe
        11⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        12⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        11⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7710.exe
        11⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
        12⤵
        
        PID:10588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 204
        12⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 220
        11⤵
        
        PID:9300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        9⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        8⤵
        Program crash
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        7⤵
        Program crash
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22258.exe
        9⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        11⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        12⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        12⤵
        
        PID:11536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        10⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        9⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        9⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        10⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        11⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
        11⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        9⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        8⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        7⤵
        
        PID:4144
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        6⤵
        Program crash
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39011.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        9⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49824.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        11⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        12⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        12⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        11⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
        10⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        9⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        9⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        10⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        11⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 236
        11⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:7024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        8⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        7⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        8⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52791.exe
        10⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        10⤵
        
        PID:10204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        9⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        8⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        7⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59986.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28538.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57598.exe
        9⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        10⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        8⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        7⤵
        Program crash
        
        PID:3092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        6⤵
        Program crash
        
        PID:2844
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
        5⤵
        Program crash
        
        PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62446.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        10⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        11⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
        12⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        9⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 216
        8⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        8⤵
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 220
        9⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
        8⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        7⤵
        Program crash
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        6⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
        9⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55581.exe
        11⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        11⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        10⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
        9⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        8⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        7⤵
        Program crash
        
        PID:3456
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
        6⤵
        Program crash
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33490.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        10⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        9⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        8⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        7⤵
        Program crash
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        6⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        8⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        9⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 220
        10⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        9⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 216
        8⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        7⤵
        
        PID:5036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        6⤵
        Program crash
        
        PID:3416
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:1688
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:688
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19878.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        11⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        12⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23834.exe
        13⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18986.exe
        14⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
        14⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        13⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
        12⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        11⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
        12⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
        13⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 204
        13⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        12⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 220
        11⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42954.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        10⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 236
        12⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        9⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
        10⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4986.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        12⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 236
        11⤵
        
        PID:10496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        8⤵
        Program crash
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        10⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
        11⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
        12⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        12⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        11⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        9⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        Program crash
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        7⤵
        Program crash
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38655.exe
        11⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
        12⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
        12⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        11⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52309.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
        11⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        10⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        9⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56665.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22289.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20138.exe
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 220
        11⤵
        
        PID:10724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 236
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
        8⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        7⤵
        Program crash
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
        6⤵
        Program crash
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46686.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37899.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
        12⤵
        
        PID:10660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        12⤵
        
        PID:10564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        9⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        8⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        10⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        9⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
        8⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41850.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30539.exe
        10⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        11⤵
        
        PID:11436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
        11⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        10⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
        7⤵
        
        PID:4384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        6⤵
        Program crash
        
        PID:2664
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        5⤵
        Program crash
        
        PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        9⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
        10⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35483.exe
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        11⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
        10⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        9⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
        8⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        7⤵
        
        PID:4196
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        6⤵
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5257.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        10⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
        11⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        11⤵
        
        PID:12192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 220
        10⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        9⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        8⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        7⤵
        Program crash
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
        7⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        8⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48530.exe
        9⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
        10⤵
        
        PID:10704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
        10⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        9⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
        8⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
        7⤵
        
        PID:5444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
        6⤵
        Program crash
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        5⤵
        Program crash
        
        PID:832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
        8⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        9⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        10⤵
        
        PID:8472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        11⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
        11⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        10⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        9⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 216
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        7⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28013.exe
        7⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23859.exe
        9⤵
        
        PID:9152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        10⤵
        
        PID:11964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
        10⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 220
        9⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 220
        8⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        7⤵
        
        PID:5768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        6⤵
        Program crash
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        6⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        9⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10990.exe
        10⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        11⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        11⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        10⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        9⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        8⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
        7⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        6⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        8⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20503.exe
        9⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        9⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        8⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        7⤵
        
        PID:6068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
        6⤵
        Program crash
        
        PID:3452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
        5⤵
        Program crash
        
        PID:2280
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
      4⤵
      Program crash
      PID:2588
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
  2⤵
  - Program crash
  PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe

Filesize
184KB

MD5
355b74bbfab6a3ad7f85ec21adcb0ede

SHA1
801652c6854db0ad2b22f79ea0ac6dc85fc94dd9

SHA256
f90188b879bd5febbc1a935bf0a7add8b0ac453183b27a77c0c505a38228585b

SHA512
1c306113ecb20d31f324a5576eac800936ea5c55ce1f2d9f635266b43fa9e77b5178c144199504bb7783ca1f5a6f9ed82aaffad6cdd9dce9b1b9d629d2fc85da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe

Filesize
184KB

MD5
fe7e89a9491df33f8d2ca80393867444

SHA1
bc80ba6c0fcc0c3a2c80129147b41579ea67e2b4

SHA256
d0743053c2d70c8805ceccb187bc8d4ad8e2cbdf096548b1c79412ac62a2878d

SHA512
9d11ac33fbe91d83cb1ceb4125042bc3d89a337649b3b0a2a4a805baa10220793cff5aae4ae084e571ae5631377ce6b74e1ec2ab082b60a65ce03de774e8d851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe

Filesize
184KB

MD5
73249110cbd8fcfdcd3a3473a17e7927

SHA1
7206be42fdc816502f7578872724fc8441c17afa

SHA256
5053486c97c1a6e32461e189a3dab588e6ebf9e96dfbee656aa29285d7305d55

SHA512
4e35f77d3366e5e9b5eff3743c6e1d32a15865ee55df365539114b93c3b2d5e82a3e8ef07be8bd0d61f051ae6cf2e776e0c9c8492e5d3842e57f1ce983c49d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30359.exe

Filesize
184KB

MD5
bdace8128b3c1915cb7971517fff6fc9

SHA1
ca129614f49d0bfda8fb5d962f0bdd2d5c54bc7e

SHA256
b08b6e69e1573ccfac997a6353b95b9e4e49114a9d5ba3b840d81dfcf5152966

SHA512
df98d3c0995c152265c89d43ccc1a13e06f70625192c1582e3065ae12f0396a9501105ce6283590bd02397f741b102efb6fb4582bdcc11b7d5de77ed875508f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe

Filesize
184KB

MD5
48f36902261a96d71f256966e8f69089

SHA1
7c7fc88a18d79cdb7d7d149ce908df3df4a9bceb

SHA256
8c0a491194f083c16ccc7c4390d885837d2b48d357e585ba65d1e609ebe528b2

SHA512
3f30e6183967701ca891cde37dd4edd10aa3391fb6dd00912f633b074a013125c5f37a33dab8f9d60d38b0061ab2f6c8eb131d284fa2b91c30bddba8c0416bb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe

Filesize
184KB

MD5
b9db64fb6551b2c4f3bca5a6732854d2

SHA1
927940146454b9223b851bf73b2f98f0833e41c1

SHA256
6f9ef29d20dfe6c4888f7ad4f80da43a78b33aa6b43cba919255154e147f951e

SHA512
e974968a0576d14a7e18b649a498e97f51e32facc631e143b00e07525d0debbd191c77e4378dd05f7216d0260017303bc3f910d35b02db3a8de7f99177e1a3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40572.exe

Filesize
184KB

MD5
ad2b0357c7b631beb342b02f908c70ed

SHA1
b9376a8d890a4deccea079f91ba3f2f3cdf49f38

SHA256
3f664a630ce33d9b432e22a6e3c5f4e91defcd2fc0f05195840c473a43edddeb

SHA512
a063ddbcc0a04ef8141a6c4bcff01d119368b67892e48470adb4f2a82316be74223aa18d401132c8018b3bcf14932193ebeb366d3d2620a900b6269714b7b7f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe

Filesize
184KB

MD5
165fdae9c79fb5ad0bdb1f7314564b56

SHA1
a5a6706c6cca38ff46c568e0650c887ffe3f725a

SHA256
4d36c6b33494b236bd7a8a3d1c32753a7a60d7105d9d77a3d8d71d322ae6a653

SHA512
542e8b377b2f65599750e4c646b401c509f00712c57e0dc029bb156cad95c422b96c4345872fabeb093050352d42de31c51825d207d11365ab16d276f0792eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe

Filesize
184KB

MD5
6eb6365e2707ac5f037c58d3ff484b93

SHA1
57840652bf30e202d2dd2a92bb15edab732f9bd5

SHA256
d34754284c6120c39d1f3093ad40e5e86521a6f13b3c755fd4f9705b088aebac

SHA512
39ed4eef716946b2bc41dfcd1ab4c6717dfb9ec60a43c23eea827308202703ac6a31513800c25db38aea0b14ef09ea66a40f12c7184f5accf716098b6e9acd30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe

Filesize
184KB

MD5
8cd2e4a090c53a687267abecc55a4b15

SHA1
e9327a2d9186f8e7ac98d3cb4f0cc414a8251be6

SHA256
a74f0061f2eea4cbcca3135ce4c0f480c9511e74af64a9b67e25e90b84fe15be

SHA512
bebebdd75636818102931477b17433086a9d21f522b521086055b757470361868ebe54d292f230174676cce5d68ff0383b0ca7e95316977aff052f831a623279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6052.exe

Filesize
184KB

MD5
ac7085f3926403e580cc0e09a5a633c1

SHA1
21e9eedcda0efb12e21e13ac0be51d99b1b358f9

SHA256
88ce90acdcd6d43f33b8271fdacf23b2e1d28612247081d1d5b5797cc317ecc6

SHA512
24907b54c34fe88dbddafe1b8cb28d2566f2f992e6fdfd05433fc8fb18778f4582eb0b12e1ff58f8066ab961878360d2f26ecdd5df996cf3e917e6ed1ee2108a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe

Filesize
184KB

MD5
d29e3e9e079d2423419c03ed00b6d181

SHA1
7c2f6157e3e9a98fe9ab30c21830f21a77c83df9

SHA256
71befa54e556591e4a1f16b5d026fd89a553f073766f6799260043c026be11bb

SHA512
dd42576abd75b81e8159ab738289c9be7bb0e638285bcc87742f96f104f24422d3277d784a2fed6077876bdd69fde83d25f55b93cf014f5959cad1df2f67959e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe

Filesize
184KB

MD5
fe7828bfc5e3b4cd153b15421ed6e096

SHA1
7277b22bb571fc37b25b8000e0df2c519facc854

SHA256
fd7b430854f27afb093364bae974e10154607643988a73bd4939bec7c80d2ca5

SHA512
1238359f3f15d22df7443f93a384a2a21db699b62adaa105dde5f6ee958318913396716810efd3c4c4ba08d659f6f1bd96663d1119a1aed8e7e9e242b8735952

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe

Filesize
184KB

MD5
63fe8563a2aa702c50eac682c1ea0b2c

SHA1
ab001c6121bc9b9d0b6039d6f9c94350f49ca655

SHA256
d01893d77ecc821f008ab212d843a1eb436288dbfdb7eb3a5dd98b163b099d8d

SHA512
81a92c439d3898767e7fd210ad8358a972f8745391e8a2ccad4b532faed03a202678919af00d2d78cc239e422d806b60e22d53ca8c186f19bb7de269d0e96577

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe

Filesize
184KB

MD5
9162407597a6ec3f3247fbb36f3fb9e1

SHA1
f53a4edf90b5cb031834e3e0e25795a6e0a466ef

SHA256
d604d7f5d206cad87ccfdba67eb6497b00ea68aa2a367a4ad144a95ec6c26161

SHA512
a81ebf6f48fba7368c81dfe09f01270dbe07636a55370a11388d7c6897966709272218500888e59dea0ae319ce993261fbbe2a7311f39fb901f01b38436254b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe

Filesize
184KB

MD5
551c227efa574d12cb44f2cfe40c7433

SHA1
900cca96fefc69e7f07a64b254bff53de413fae5

SHA256
7126b39c840f5da8a0c5b79dd8469c3f90211486f20d31008e29c263d8988062

SHA512
e3b07bd3890db92183214a7d4fbfbbb0336b194cbc5d37392bdbb1f31788a3fc7818050e40381c1136a007276f5a0b40570aa0925bf4535e298a385b76cc9047

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe

Filesize
184KB

MD5
31179fa2f14c7904198ea83b8105c7f2

SHA1
6bebb4d893590fdba07e6af44d6f5a48718ad7be

SHA256
a4168104b25c6c9bdb99e671d6cbde0f46324a95881da8f1eaab22c092037c6c

SHA512
d0b9b9dc741b1e6c0827a6552d248392bce7731308909478aa35f07c1eba35f4ced6c68e4802d1ec6993f043d1433db218f3ce352955fe12b83de9ae9892443b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe

Filesize
184KB

MD5
a902d8607500054c024aacc8af9b165f

SHA1
a2107cd586537f285c8f82f4aedecbd559af6aec

SHA256
dbb16ba5d20ae72d35c8f7d33b46cc5b7d320206f7ba7e7d7bccaaebd5fe4819

SHA512
82dcae95a8599c5e271cafa32189d94a393bc3908b5572adce6ea69ae287c3b2e0cd87a0fdfff553ba520fc2021b1ee9b9b2d48a1e1e0ca0fe4ec69385df5460

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe

Filesize
184KB

MD5
7788dcaed092b8bb5e03ea74cc58a5f9

SHA1
05c8323144835a03303e0ff6c320d12a93199ad4

SHA256
dc56959f04ea42d3c7d01f126d217dd546225315cb480a2721e3793851d131b0

SHA512
2a4265f3f97ae3a1cf3b0994d13767ea432cd01172eb6ef5fe9acb1cd42adc99d83523651d3f22f388d22c3ca5afc1599ce4a8f5e03c332e3f78993d56fda15f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48413.exe

Filesize
184KB

MD5
c35a2bcbed85f3a5496f51141187f599

SHA1
12c6d86c6e086f8537df99b3a809f822ad4f9057

SHA256
6b9d560133208968dc93583fa82e817c18cdb6c221b6b4df8142957a6155cd6d

SHA512
1b871f78c49149058df839b20d700cc0f3348b73a41f13385c9d786b9460abedb550f894e5281b39f261038240c905ddb5f3ac80d43aa0f921468bc72e5597fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe

Filesize
184KB

MD5
fe9ed514f8fc986a5862956a9edf39b2

SHA1
7976ab4efe438615ae1a5f609e31a2ab6dcba10e

SHA256
b2fd2cc7ec725dd07aa3198ad4c1475b89f8c41a03a64ca6187cef0bd9c954ee

SHA512
e72f73f516128fd1503133108dbff03148bf03de3448e33446811886857e287ed0a53a6afff94db78f25cd738c673d04262ca9566edd056fa986b3b70feed9f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6701.exe

Filesize
184KB

MD5
e705e29d6f77f667fbc481ceb1c7c51d

SHA1
12ff6d521a859a8f08ba8a1bfca0b9e4c5a70691

SHA256
09496d54db7a76bcfdc6a0a505b3eb41b4a7fc659a31e746fb41b08016daaf9f

SHA512
d11871babc8e816102470984c4a79cb2b8cab2f681e1d4692daa1113de1a3cfdce4301c0be669320e1fb5eca6ada83353235e4774b8ff96d92376b750d043067

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-894.exe

Filesize
184KB

MD5
d697b40fe5cabd140e477ad9912e514c

SHA1
341e371be5763bbd3b52eff648e8af5173cd7a81

SHA256
5d2bee9f682630d6939795f986f5c28628e2d5108a3e14aa3bad65d1cc42f395

SHA512
f219760c63a22253a39db5b8f1ed30155318927a5c8b7bbe33e372304a65752d5c755e05ebc749516e9dd7f9fc2294ba3e5460ab5ae278e6207696dd75e25488

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads