d0fdefe6b754a5eeb946a7e2fdf1a65bcfc54292e1ce204f1237e1f62f90ea70

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
Size

184KB
MD5

214aa9f10c34dbf61f299593f44aed90
SHA1

f9d587a9063ce10cb3d12a0c792a431072366637
SHA256

d0fdefe6b754a5eeb946a7e2fdf1a65bcfc54292e1ce204f1237e1f62f90ea70
SHA512

63116e4f5e65d1793bf72b8562702c2688c6ca91d05284db3a2281fe3d9bf033bc7b0741e31d329ba6b58146290fa1fb4c0ab5bd80c351da566e451bf76e2b58
SSDEEP

3072:0Wiq1pMMZNaldRshedq0aX5F4qyW3hbX81pO5qGUuUilnVOFH:0WPMTDRsPrX5FpsXLilnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
864	Unicorn-3116.exe
2396	Unicorn-9229.exe
1804	Unicorn-54901.exe
2776	Unicorn-46261.exe
2540	Unicorn-7366.exe
2580	Unicorn-18227.exe
1220	Unicorn-50106.exe
2184	Unicorn-4434.exe
2200	Unicorn-57527.exe
1000	Unicorn-53443.exe
1072	Unicorn-64304.exe
768	Unicorn-59712.exe
2424	Unicorn-20818.exe
1720	Unicorn-23510.exe
2276	Unicorn-35784.exe
2168	Unicorn-35784.exe
936	Unicorn-46645.exe
1516	Unicorn-11834.exe
1544	Unicorn-27123.exe
2472	Unicorn-37983.exe
3060	Unicorn-23039.exe
344	Unicorn-34475.exe
956	Unicorn-65202.exe
3036	Unicorn-42089.exe
236	Unicorn-64647.exe
1012	Unicorn-29837.exe
2876	Unicorn-40697.exe
2868	Unicorn-36613.exe
2392	Unicorn-56479.exe
1552	Unicorn-16599.exe
2668	Unicorn-43241.exe
2716	Unicorn-23375.exe
2916	Unicorn-2763.exe
2700	Unicorn-53355.exe
2708	Unicorn-18545.exe
2692	Unicorn-51964.exe
2592	Unicorn-2208.exe
1952	Unicorn-20491.exe
2504	Unicorn-27267.exe
2816	Unicorn-47133.exe
1928	Unicorn-12322.exe
2004	Unicorn-23183.exe
2044	Unicorn-23183.exe
2000	Unicorn-8238.exe
2008	Unicorn-57714.exe
2320	Unicorn-33764.exe
2316	Unicorn-14735.exe
1492	Unicorn-25596.exe
904	Unicorn-45462.exe
1984	Unicorn-28934.exe
1988	Unicorn-55576.exe
908	Unicorn-900.exe
3040	Unicorn-20766.exe
2884	Unicorn-62353.exe
860	Unicorn-8321.exe
884	Unicorn-19182.exe
1588	Unicorn-39048.exe
2228	Unicorn-49909.exe
2720	Unicorn-2099.exe
2732	Unicorn-2099.exe
2648	Unicorn-8876.exe
2552	Unicorn-28742.exe
2656	Unicorn-59468.exe
2420	Unicorn-4792.exe

Loads dropped DLL 64 IoCs

pid	Process
2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
864	Unicorn-3116.exe
864	Unicorn-3116.exe
2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
1804	Unicorn-54901.exe
1804	Unicorn-54901.exe
2396	Unicorn-9229.exe
2396	Unicorn-9229.exe
864	Unicorn-3116.exe
864	Unicorn-3116.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
1804	Unicorn-54901.exe
2776	Unicorn-46261.exe
2776	Unicorn-46261.exe
1804	Unicorn-54901.exe
2580	Unicorn-18227.exe
2580	Unicorn-18227.exe
2540	Unicorn-7366.exe
2540	Unicorn-7366.exe
2396	Unicorn-9229.exe
2396	Unicorn-9229.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1032	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1852	WerFault.exe
1220	Unicorn-50106.exe
1220	Unicorn-50106.exe
2184	Unicorn-4434.exe
2184	Unicorn-4434.exe
2776	Unicorn-46261.exe
2776	Unicorn-46261.exe
2200	Unicorn-57527.exe
1000	Unicorn-53443.exe
2200	Unicorn-57527.exe
1000	Unicorn-53443.exe
2580	Unicorn-18227.exe
2580	Unicorn-18227.exe
2540	Unicorn-7366.exe
2540	Unicorn-7366.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
588	WerFault.exe
1684	WerFault.exe
588	WerFault.exe
1684	WerFault.exe
588	WerFault.exe
588	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2624	2104	WerFault.exe	27
2908	864	WerFault.exe	28
1032	1804	WerFault.exe	30
1852	2396	WerFault.exe	29
1688	2776	WerFault.exe	32
588	2580	WerFault.exe	34
1684	2540	WerFault.exe	33
2116	1220	WerFault.exe	36
2264	2184	WerFault.exe	37
1592	1072	WerFault.exe	40
1316	2200	WerFault.exe	38
2260	1000	WerFault.exe	39
1908	344	WerFault.exe	56
536	2424	WerFault.exe	44
1152	768	WerFault.exe	43
1392	1720	WerFault.exe	45
268	2276	WerFault.exe	47
2284	936	WerFault.exe	48
2288	1516	WerFault.exe	49
2852	2168	WerFault.exe	46
792	1544	WerFault.exe	53
1252	2472	WerFault.exe	54
3052	3036	WerFault.exe	58
1044	3060	WerFault.exe	55
1976	956	WerFault.exe	57
2280	1012	WerFault.exe	60
3016	2868	WerFault.exe	62
1672	236	WerFault.exe	59
2060	2392	WerFault.exe	63
2600	2876	WerFault.exe	61
2360	1552	WerFault.exe	69
2900	2668	WerFault.exe	70
2544	2716	WerFault.exe	71
2952	2916	WerFault.exe	72
2864	2700	WerFault.exe	73
1584	2708	WerFault.exe	74
2804	2692	WerFault.exe	75
2256	2592	WerFault.exe	76
2452	2044	WerFault.exe	83
3084	2816	WerFault.exe	80
3108	2004	WerFault.exe	82
3100	1952	WerFault.exe	78
3188	2000	WerFault.exe	84
3196	2504	WerFault.exe	79
3236	1928	WerFault.exe	81
3568	3496	WerFault.exe	186
3564	2008	WerFault.exe	88
3076	2320	WerFault.exe	90
3480	904	WerFault.exe	96
3488	1492	WerFault.exe	95
3556	1984	WerFault.exe	97
3676	2884	WerFault.exe	101
3928	1988	WerFault.exe	98
4012	2228	WerFault.exe	105
4020	2316	WerFault.exe	92
3992	3040	WerFault.exe	100
3856	2656	WerFault.exe	110
3900	2420	WerFault.exe	111
3184	696	WerFault.exe	113
4052	1588	WerFault.exe	104
3404	860	WerFault.exe	102
4120	2112	WerFault.exe	129
4132	908	WerFault.exe	99
4200	1648	WerFault.exe	116

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
864	Unicorn-3116.exe
1804	Unicorn-54901.exe
2396	Unicorn-9229.exe
2776	Unicorn-46261.exe
2540	Unicorn-7366.exe
2580	Unicorn-18227.exe
1220	Unicorn-50106.exe
2184	Unicorn-4434.exe
2200	Unicorn-57527.exe
1072	Unicorn-64304.exe
1000	Unicorn-53443.exe
768	Unicorn-59712.exe
2424	Unicorn-20818.exe
1720	Unicorn-23510.exe
2276	Unicorn-35784.exe
2168	Unicorn-35784.exe
936	Unicorn-46645.exe
1516	Unicorn-11834.exe
1544	Unicorn-27123.exe
2472	Unicorn-37983.exe
3060	Unicorn-23039.exe
344	Unicorn-34475.exe
956	Unicorn-65202.exe
3036	Unicorn-42089.exe
236	Unicorn-64647.exe
1012	Unicorn-29837.exe
2868	Unicorn-36613.exe
2876	Unicorn-40697.exe
2392	Unicorn-56479.exe
1552	Unicorn-16599.exe
2668	Unicorn-43241.exe
2716	Unicorn-23375.exe
2916	Unicorn-2763.exe
2700	Unicorn-53355.exe
2708	Unicorn-18545.exe
2692	Unicorn-51964.exe
2592	Unicorn-2208.exe
1952	Unicorn-20491.exe
2504	Unicorn-27267.exe
1928	Unicorn-12322.exe
2816	Unicorn-47133.exe
2044	Unicorn-23183.exe
2004	Unicorn-23183.exe
2000	Unicorn-8238.exe
2008	Unicorn-57714.exe
2320	Unicorn-33764.exe
2316	Unicorn-14735.exe
1492	Unicorn-25596.exe
904	Unicorn-45462.exe
1984	Unicorn-28934.exe
908	Unicorn-900.exe
1988	Unicorn-55576.exe
3040	Unicorn-20766.exe
2884	Unicorn-62353.exe
860	Unicorn-8321.exe
1588	Unicorn-39048.exe
884	Unicorn-19182.exe
2228	Unicorn-49909.exe
2720	Unicorn-2099.exe
2648	Unicorn-8876.exe
2732	Unicorn-2099.exe
696	Unicorn-708.exe
2656	Unicorn-59468.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 864	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 864	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 864	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	28
PID 2104 wrote to memory of 864	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	28
PID 864 wrote to memory of 2396	864	Unicorn-3116.exe	29
PID 864 wrote to memory of 2396	864	Unicorn-3116.exe	29
PID 864 wrote to memory of 2396	864	Unicorn-3116.exe	29
PID 864 wrote to memory of 2396	864	Unicorn-3116.exe	29
PID 2104 wrote to memory of 1804	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 1804	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 1804	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 1804	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	30
PID 2104 wrote to memory of 2624	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	31
PID 2104 wrote to memory of 2624	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	31
PID 2104 wrote to memory of 2624	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	31
PID 2104 wrote to memory of 2624	2104	214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe	31
PID 1804 wrote to memory of 2776	1804	Unicorn-54901.exe	32
PID 1804 wrote to memory of 2776	1804	Unicorn-54901.exe	32
PID 1804 wrote to memory of 2776	1804	Unicorn-54901.exe	32
PID 1804 wrote to memory of 2776	1804	Unicorn-54901.exe	32
PID 2396 wrote to memory of 2540	2396	Unicorn-9229.exe	33
PID 2396 wrote to memory of 2540	2396	Unicorn-9229.exe	33
PID 2396 wrote to memory of 2540	2396	Unicorn-9229.exe	33
PID 2396 wrote to memory of 2540	2396	Unicorn-9229.exe	33
PID 864 wrote to memory of 2580	864	Unicorn-3116.exe	34
PID 864 wrote to memory of 2580	864	Unicorn-3116.exe	34
PID 864 wrote to memory of 2580	864	Unicorn-3116.exe	34
PID 864 wrote to memory of 2580	864	Unicorn-3116.exe	34
PID 864 wrote to memory of 2908	864	Unicorn-3116.exe	35
PID 864 wrote to memory of 2908	864	Unicorn-3116.exe	35
PID 864 wrote to memory of 2908	864	Unicorn-3116.exe	35
PID 864 wrote to memory of 2908	864	Unicorn-3116.exe	35
PID 2776 wrote to memory of 2184	2776	Unicorn-46261.exe	37
PID 2776 wrote to memory of 2184	2776	Unicorn-46261.exe	37
PID 2776 wrote to memory of 2184	2776	Unicorn-46261.exe	37
PID 2776 wrote to memory of 2184	2776	Unicorn-46261.exe	37
PID 1804 wrote to memory of 1220	1804	Unicorn-54901.exe	36
PID 1804 wrote to memory of 1220	1804	Unicorn-54901.exe	36
PID 1804 wrote to memory of 1220	1804	Unicorn-54901.exe	36
PID 1804 wrote to memory of 1220	1804	Unicorn-54901.exe	36
PID 2580 wrote to memory of 2200	2580	Unicorn-18227.exe	38
PID 2580 wrote to memory of 2200	2580	Unicorn-18227.exe	38
PID 2580 wrote to memory of 2200	2580	Unicorn-18227.exe	38
PID 2580 wrote to memory of 2200	2580	Unicorn-18227.exe	38
PID 2540 wrote to memory of 1000	2540	Unicorn-7366.exe	39
PID 2540 wrote to memory of 1000	2540	Unicorn-7366.exe	39
PID 2540 wrote to memory of 1000	2540	Unicorn-7366.exe	39
PID 2540 wrote to memory of 1000	2540	Unicorn-7366.exe	39
PID 2396 wrote to memory of 1072	2396	Unicorn-9229.exe	40
PID 2396 wrote to memory of 1072	2396	Unicorn-9229.exe	40
PID 2396 wrote to memory of 1072	2396	Unicorn-9229.exe	40
PID 2396 wrote to memory of 1072	2396	Unicorn-9229.exe	40
PID 1804 wrote to memory of 1032	1804	Unicorn-54901.exe	41
PID 1804 wrote to memory of 1032	1804	Unicorn-54901.exe	41
PID 1804 wrote to memory of 1032	1804	Unicorn-54901.exe	41
PID 1804 wrote to memory of 1032	1804	Unicorn-54901.exe	41
PID 2396 wrote to memory of 1852	2396	Unicorn-9229.exe	42
PID 2396 wrote to memory of 1852	2396	Unicorn-9229.exe	42
PID 2396 wrote to memory of 1852	2396	Unicorn-9229.exe	42
PID 2396 wrote to memory of 1852	2396	Unicorn-9229.exe	42
PID 1220 wrote to memory of 768	1220	Unicorn-50106.exe	43
PID 1220 wrote to memory of 768	1220	Unicorn-50106.exe	43
PID 1220 wrote to memory of 768	1220	Unicorn-50106.exe	43
PID 1220 wrote to memory of 768	1220	Unicorn-50106.exe	43

C:\Users\Admin\AppData\Local\Temp\214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\214aa9f10c34dbf61f299593f44aed90_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64647.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41377.exe
        10⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 200
        11⤵
        Program crash
        
        PID:3568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
        11⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11300.exe
        12⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        13⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        14⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 220
        14⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        13⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        12⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        11⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64585.exe
        11⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        12⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        13⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
        13⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        12⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        10⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        9⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8876.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51767.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54336.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5192.exe
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        12⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        13⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        14⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
        14⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        13⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        12⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        11⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
        10⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61113.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        11⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        12⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        9⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 240
        8⤵
        Program crash
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2099.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4896.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29988.exe
        12⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        13⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        13⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        11⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        11⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        12⤵
        
        PID:11104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        12⤵
        
        PID:12268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        11⤵
        
        PID:8456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51487.exe
        10⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        11⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31135.exe
        12⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        13⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 236
        13⤵
        
        PID:13112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
        12⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11009.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64694.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        11⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39625.exe
        12⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
        12⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
        11⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
        8⤵
        Program crash
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        7⤵
        Program crash
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8238.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11549.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        11⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        12⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        13⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
        13⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        11⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
        11⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        12⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14028.exe
        13⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
        12⤵
        
        PID:12096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
        12⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        13⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        11⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 216
        9⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        8⤵
        Program crash
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-708.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48825.exe
        11⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        12⤵
        
        PID:10752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        13⤵
        
        PID:12876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 220
        13⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        12⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25883.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        11⤵
        
        PID:10396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        12⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
        12⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        11⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
        8⤵
        Program crash
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        7⤵
        Program crash
        
        PID:2600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
        6⤵
        Program crash
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        9⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47678.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31576.exe
        12⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
        13⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 220
        13⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        10⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        10⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        11⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43608.exe
        12⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 220
        12⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        11⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        10⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        8⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        7⤵
        Program crash
        
        PID:2952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        6⤵
        Program crash
        
        PID:2288
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        12⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        13⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
        13⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        12⤵
        
        PID:10620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        11⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43937.exe
        11⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        12⤵
        
        PID:12920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
        12⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
        11⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        10⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
        8⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36198.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        9⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        10⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46449.exe
        11⤵
        
        PID:12316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 236
        10⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        Program crash
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63739.exe
        9⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17056.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
        11⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        12⤵
        
        PID:12528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 236
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
        11⤵
        
        PID:11064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        10⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        8⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30450.exe
        10⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14627.exe
        11⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        11⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        10⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
        8⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
        9⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16117.exe
        10⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
        11⤵
        
        PID:13012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        10⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
        9⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        8⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 220
        7⤵
        
        PID:4312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        6⤵
        Program crash
        
        PID:1976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        5⤵
        Program crash
        
        PID:1592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        9⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
        10⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        11⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        12⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        13⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29410.exe
        14⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
        14⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        13⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        11⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
        10⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63251.exe
        9⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        11⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        12⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        13⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 236
        12⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        10⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54460.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5327.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
        10⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        12⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        11⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        9⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        8⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
        11⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        12⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
        13⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
        13⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        11⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        10⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        11⤵
        
        PID:10780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63177.exe
        12⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 216
        12⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        11⤵
        
        PID:11188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        10⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        8⤵
        Program crash
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        7⤵
        Program crash
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14071.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
        10⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19770.exe
        11⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        12⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 236
        13⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        12⤵
        
        PID:10912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        9⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
        10⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9427.exe
        11⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        12⤵
        
        PID:13152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 240
        12⤵
        
        PID:12376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        11⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-309.exe
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 220
        11⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        10⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        8⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        7⤵
        Program crash
        
        PID:3108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
        6⤵
        Program crash
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42463.exe
        9⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 220
        10⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
        9⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
        7⤵
        Program crash
        
        PID:4012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        6⤵
        Program crash
        
        PID:3016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
        5⤵
        Program crash
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        7⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        12⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        13⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        13⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53329.exe
        8⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60932.exe
        11⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        12⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
        12⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        11⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
        8⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4792.exe
        6⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6842.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
        10⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27025.exe
        11⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7178.exe
        12⤵
        
        PID:13240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        12⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        11⤵
        
        PID:10492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
        10⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
        9⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46075.exe
        10⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
        11⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
        11⤵
        
        PID:12336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        9⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        8⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 372
        9⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        8⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
        7⤵
        Program crash
        
        PID:3900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        6⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43371.exe
        10⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        11⤵
        
        PID:10952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12113.exe
        12⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 236
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34470.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        8⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
        9⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        10⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        10⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        9⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        8⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 220
        7⤵
        
        PID:4536
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        6⤵
        Program crash
        
        PID:3196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        5⤵
        Program crash
        
        PID:2284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:588
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16599.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57714.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18348.exe
        11⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        12⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        13⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        14⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
        14⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        13⤵
        
        PID:9544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        12⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        11⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55851.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
        11⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        12⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28639.exe
        13⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
        13⤵
        
        PID:12392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        12⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        11⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        11⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        12⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        13⤵
        
        PID:12436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        12⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        11⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        10⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        9⤵
        Program crash
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26748.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40439.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        12⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
        13⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
        13⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
        12⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        11⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        10⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
        11⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10740.exe
        12⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
        12⤵
        
        PID:12412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        11⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        Program crash
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1352.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53158.exe
        10⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
        12⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
        13⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
        13⤵
        
        PID:12420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        12⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        11⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        10⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
        9⤵
        Program crash
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        12⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        11⤵
        
        PID:9768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        8⤵
        Program crash
        
        PID:3076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        11⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        12⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        13⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        13⤵
        
        PID:12516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        12⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
        10⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
        12⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
        11⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61902.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        11⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
        12⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        9⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        11⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        12⤵
        
        PID:12156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
        12⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        11⤵
        
        PID:9636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22095.exe
        10⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        11⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
        11⤵
        
        PID:12568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        7⤵
        Program crash
        
        PID:2544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        6⤵
        Program crash
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        8⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
        10⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        11⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
        12⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 216
        12⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        11⤵
        
        PID:10836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        10⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 240
        9⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
        8⤵
        Program crash
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62628.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55073.exe
        11⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        12⤵
        
        PID:12544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        12⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        10⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
        8⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        Program crash
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        11⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 220
        12⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        9⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        10⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7066.exe
        11⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
        11⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        10⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
        7⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12805.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37814.exe
        11⤵
        
        PID:11776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        11⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        8⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        7⤵
        Program crash
        
        PID:3488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
        6⤵
        Program crash
        
        PID:1252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        5⤵
        Program crash
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        10⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        12⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        13⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
        13⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61601.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6246.exe
        11⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50123.exe
        12⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
        12⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        10⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        8⤵
        Program crash
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5259.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        10⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        11⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        11⤵
        
        PID:11368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45753.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4964.exe
        10⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53766.exe
        11⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
        11⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
        10⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
        8⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51575.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
        8⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        9⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        10⤵
        
        PID:10624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        11⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        10⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
        9⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        8⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 220
        7⤵
        Program crash
        
        PID:4132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
        6⤵
        Program crash
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38763.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        11⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
        12⤵
        
        PID:12112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
        12⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        11⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        10⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58373.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        10⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
        11⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 220
        11⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        10⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8020.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        10⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
        11⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        10⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        9⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
        7⤵
        Program crash
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        6⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        7⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17829.exe
        8⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
        9⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        10⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52819.exe
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        10⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        9⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        8⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
        7⤵
        
        PID:5108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        6⤵
        Program crash
        
        PID:2804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        5⤵
        Program crash
        
        PID:1392
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46505.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37585.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        11⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
        12⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 236
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47019.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        11⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        12⤵
        
        PID:12992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
        12⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        11⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
        9⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
        8⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55052.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        
        PID:4888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        7⤵
        Program crash
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        9⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61555.exe
        11⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        11⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        10⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        8⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
        7⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24845.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
        9⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25790.exe
        10⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
        11⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        11⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        10⤵
        
        PID:10244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        8⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 220
        7⤵
        Program crash
        
        PID:3676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        6⤵
        Program crash
        
        PID:1044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        5⤵
        Program crash
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 220
        5⤵
        Program crash
        
        PID:1908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
      4⤵
      Program crash
      PID:2116
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
  2⤵
  - Program crash
  PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe

Filesize
184KB

MD5
805d96d4acb36558e5f838d69eb12330

SHA1
f79236b368a79ab759d4bf12391fd3cd79b2cc9e

SHA256
d6a1528eeeb32e9cb377c3a9dc8dbea07c7b37ede685ddd39ca1e7cd78b26380

SHA512
620bacd160dd36879c2e84322008516bdcc4eb3aad838c7558cc2fd86a74c5e91d0b177ea58a52631e43f8c531a93fd71f8ab81a1ebe2dfce39696e7a6b59534

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe

Filesize
184KB

MD5
10efe788290d99cdf3b246775c1a8876

SHA1
2fc026e830a848333b9999d416b2dc4624478ad3

SHA256
0a603f5a65577ba52600b188ad99dd4028484bc9a503c9d6a6881f1305eb39d6

SHA512
bad9a2c2382a249069252e3352edb35506eb3bd45e8197212f7a022456c882f37706289e4f56ec14ec35527ff77c2896ec5f27f17faf87de53114c7899e77d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40261.exe

Filesize
184KB

MD5
8ba76c25dca5b3cbec229c7b9fd6f095

SHA1
6ada5f96da6b395a532621247f73ad60648c5009

SHA256
b5e673940713f23c3fde754640df3abfe8c8de39d37c4a2206e34496cd20ad01

SHA512
1387d3228bc8d8811723b6ad80f8c711731c68a5cee6c525f9ba5ec74ca3f7133d49425613c48aed185b0445b2134909bb6ec3565dee813b6c4b9b2caae440d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe

Filesize
184KB

MD5
cff2444d829e3bda4f8d018671b7aaf8

SHA1
bac6e552b652586dff2b8d9a9b54da1e1200fa24

SHA256
6bedc3024617d758c4f162bee436aaff9d0db3860f179c95808d419f14b6d2ad

SHA512
e393ec3a70dc1b8052d3d4c56664b489bc6e99d400b5e6839f346e5be55684da2c787aa1d2b30b09e1133ab9d8eb9928da2ffeb3e4cb749d1ae33c857ca67b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe

Filesize
184KB

MD5
b38581a9fa9237564b610704b621e060

SHA1
041bf3248f067dd4749b20cbdc7e346658c587af

SHA256
5d3f0e4d38bda6ed81bbd4dda6f35e53e710b53d9648c7e37c1144e08218960e

SHA512
45de22e76b26abf40ff4ebdcbbb1b960c8a8687dcaf2e3a4d922207f71df42d6746bff4bd421e20232f65d4188873cbcc19289b2fdfb45ee7188709ba94d9d48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe

Filesize
184KB

MD5
d6636b81b7f071877c27a8b5f758bcba

SHA1
66cc42f3d280543439b5e4498a481d072b55c9b2

SHA256
35038ba721683c221131333a16e92e3dcb15b02ab491fc4fa8e09d2910fe9702

SHA512
d30720eb9d57063b8e777311bd6623487650259093fc8d1110e10bbf8297db56061f46ba56bd2c8e9504ecda27301b3a2c9d4fa8cd3becdafbe39ceff7096b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64304.exe

Filesize
184KB

MD5
11288a4b98e706210afc55a7e20a21de

SHA1
1065566ac811b1079deb7378aab2ed3763f8253e

SHA256
d04aefa45530f724c79867e3bf63c787494196ca943d03fa714daeb7e184b2e7

SHA512
43ca6cb9ece8db3201ee04e151924bc1cc7ca543eac9f51c9cabf54ec2cee3bb414e8307db08d0be0096fa96513c0039ac2ffcc46dc8f0de12d8aa75d7cc21bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe

Filesize
184KB

MD5
f2e57a76a2f7567345c118ae28127769

SHA1
35392e01f6c82798aa6458d362315cabc6e7d0a6

SHA256
681c9d9667f3ec4c07ef5146cc4f7d82b4623ea453d616b7819f34d8bd9c9fd5

SHA512
11fbbf3047b26f3cbf39597b665d4d61809a1055e88a3ebfbc7d11fb8d47d159cff937b461732c539220624c44f00e214e90eed926a99527a8a5a504937fd212

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20818.exe

Filesize
184KB

MD5
1675354afe2780cd6269cd662a7303bd

SHA1
96d80d54cf821ff55edd980a6d674c9c721d92a4

SHA256
da7abad19c20981f01212425647a9b27c363f2dc04282ed0ba13b396c49a6be0

SHA512
7e3291d3fd1debbc39f6066a419465978054f48b103fd6bb52dbcda342d3381692b1e1a28e240a3cbbcd62db4b8eab269ca4bb150348f461568144dfb5710c1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe

Filesize
184KB

MD5
986e55dc85ef30ac011c64b2cd69824b

SHA1
5649f140b81d3c79d5a0f1ad25088e03136ac875

SHA256
486a22fc22e98ad9d2818d807fe6330cf03e1a8150918e4d521bf3c869676ca2

SHA512
9622dffb1706e242a1493f11e4290a9916c0d2117c3d3837f66127f9a9f2965feed970da2f47d5487ec8a9973fe64408b12bcfa24f1ff561fb8510a3d72746d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe

Filesize
184KB

MD5
40b3d5f5869297be6c065d16259f42a8

SHA1
9c78eb25b5ac013667f5cebda1c38007bbfcfa47

SHA256
98a8f43f096e6eef29149b85410831473c047bedacc16e7736438105a17e88dd

SHA512
594bed32e0c26eb762f7a342a1aa6436b42978405f6f22b5beffafad08cd044b7efca9d688be15eef65d058e4b33437b1c93563fe8dff2d4d27ac63149c3f228

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe

Filesize
184KB

MD5
c17692203d4a250c3b28cd3d12daae82

SHA1
01bee061f70b7945d20bddefe90f8ebd40318112

SHA256
6ed754dda86a2a62219892e92965525b03b9879efe1e2002fe8a52e580038424

SHA512
3d00f048536a48bccf30444988932f482a01a5de7c64fa573dcd7e4a3df11f2080b75983cc36087bf9979a59d52016673cebda26af145b6e952e06987d8c7ebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46261.exe

Filesize
184KB

MD5
bf7fe0f149cca0089e8835b23eb83fc9

SHA1
dfaa964a907e0298698ca50ab41636f97ca4ad8d

SHA256
c43fccbad929496997899efeb9c981e72925c9035871d870a4ca9b42fa0877cb

SHA512
f71f21b8c529493c5e9130a162b9cda0caa64b8585d54ab0017ae0010b1bd4cb0678d65891fb8aed769586665215f5385f45fd51b5fb9b6973cc3cd6ab6dc620

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50106.exe

Filesize
184KB

MD5
fcaa7cc2ca91aca943f2d707e7e2ddd4

SHA1
1fc101edd9db9c139d568685e4ad372ae2aa2c4b

SHA256
d65237617cc1c1e0c719df800ef4c69d64e4d7fed6a02b223863bfaa7126ad9b

SHA512
3d31e1cbfe1c287526932f7a1b7521e65bbfc80e7ef0fd3ea215afa92fafa6255c0d84502752f0b073d75ac5d66f731bc966e1f08bc6cb9c706cd60c434147fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe

Filesize
184KB

MD5
14d4ddeac41973befa119b344932849a

SHA1
7275146c35fd60a9194bccb1eb804c5326bdb729

SHA256
d3c6771b7a106770b42b2d8e96b9aa5aa6052a19d24eff9494f9b76ff7b48f57

SHA512
708c1efc515469aa1859a9dae4e402616c680721d2e0d3e663e7cf0d9dc7154c01b90f3c3f002785e5268dc6177838618ceedd1dd68f0f3366d29c4096e8d095

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe

Filesize
184KB

MD5
6563911ab202a66590038d91a0388224

SHA1
9c95cc07d7734fac3c5bddd2659ed6d68e6157a1

SHA256
bcc8a7cc28aa54570adf28480a8c8bb8d0c684a168608ed87d4c960abe3aed4b

SHA512
2a651ace9c4720a256b7489ed1bbd484463354b6bfc2d91963b0e72c9b85196d6257f78a5d297beba50e48f6eb03f0c7a20b0f069425b71d361bf19e4fb70919

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe

Filesize
184KB

MD5
f20e840d54ad4714b74f00eea57df86a

SHA1
f8e69e608ea3ce38ea9acba113280ef6722fa381

SHA256
40c860c0b3c1bec4340c045a4e21f0e4c6f55bcc1e3da6a21339a908513e09d2

SHA512
1cec5e6953ea33b778e2e7297ff11f43f460d18ad8a9120de73dd05ac84327fad5afe4f357da2d7789b3654698ae5920d078790ed0c7d05abf26af49337a66de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59712.exe

Filesize
184KB

MD5
1ba232c314cb152198844461ef8db2b8

SHA1
944839add001b363f5c84ddcb83f7a6d3570e984

SHA256
9a9ee6331d2637ec183bebe8fab48cd4b5a7085d7dbb98a949dfbc90995604d7

SHA512
f667ec3b4451ab2b21dadca6966f97b349f4bf2e88650b0288a95a2bc55571136389f35af5d744ddcc533be37cd143cc8f09debb99ffdabb9fae7c6da2ed3809

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe

Filesize
184KB

MD5
c94e40710ab255b4e749392f79f96ffb

SHA1
b01a7f4375d763c369d6343ad792a5a0e4a954ea

SHA256
208e5be33ba303812033a860f5774c188904a43d1cc760dbda7a935f91060c63

SHA512
14b0cc684b85011d8df2ff92d1ff80e525c4728c8099e7ce96483b443980bd003df5a0b0bbe95fea22ceb0f7fd06f317c165151d96d7137f500448c0fdcd0826

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe

Filesize
184KB

MD5
6fdfc17413b735d888b6961a362d41d5

SHA1
3c3509840b97c0e351bdb9f33c362f1a156c368b

SHA256
ad4c87ddf0dc74050097b8d61fe8bd6e1c8e1a2a38605d8b9904d94c357f3c47

SHA512
c7d35dd632ad48b8ee5d759489758d6f3bd291c40b700a4f83fbc7f4e8fc3d5d4b741914f119a648fecb4fb2d3f0e5e617eebcc147ff8ef479c9d4bf78a384dc

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads