a9c96517a71a19ec79216da19d204ce1602d7d8c369380be3b724fa0f7588bb9

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
Size

184KB
MD5

1ff66a88f07181bdd69d2499607a6010
SHA1

03d3bf645d625bf32a02343eed348ea5b75a4cb5
SHA256

a9c96517a71a19ec79216da19d204ce1602d7d8c369380be3b724fa0f7588bb9
SHA512

1040f946fab0a78fefb209290a7793c7a9b821072967d4b399ff18051f1e4a88f39e9f7fc48f40777e19d97ddc6132397d007bb1d3658dfa938b6988b5264271
SSDEEP

3072:zKl338o4j4FrdFbWeBIIbnVrhlnViFFn3:zK6o/RFbUILVrhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2860	Unicorn-51968.exe
2972	Unicorn-5201.exe
2520	Unicorn-50873.exe
2676	Unicorn-18087.exe
2436	Unicorn-18087.exe
2648	Unicorn-63758.exe
2840	Unicorn-45025.exe
1804	Unicorn-61361.exe
1436	Unicorn-48040.exe
2400	Unicorn-28174.exe
2712	Unicorn-26546.exe
628	Unicorn-18378.exe
1976	Unicorn-64049.exe
2024	Unicorn-23016.exe
2076	Unicorn-34714.exe
2012	Unicorn-39352.exe
1060	Unicorn-51050.exe
1788	Unicorn-13686.exe
1164	Unicorn-46359.exe
1700	Unicorn-62695.exe
2312	Unicorn-34661.exe
1604	Unicorn-54527.exe
1104	Unicorn-13494.exe
2496	Unicorn-50998.exe
312	Unicorn-5326.exe
704	Unicorn-10733.exe
2224	Unicorn-2565.exe
2208	Unicorn-22431.exe
2072	Unicorn-48985.exe
2728	Unicorn-53624.exe
2272	Unicorn-32457.exe
2660	Unicorn-64807.exe
2636	Unicorn-19136.exe
2596	Unicorn-57215.exe
2628	Unicorn-19520.exe
2704	Unicorn-19520.exe
2144	Unicorn-19520.exe
2632	Unicorn-44880.exe
1264	Unicorn-44880.exe
2836	Unicorn-51424.exe
2020	Unicorn-40049.exe
1536	Unicorn-6862.exe
1532	Unicorn-40049.exe
1300	Unicorn-42218.exe
2928	Unicorn-46857.exe
2880	Unicorn-1185.exe
672	Unicorn-42794.exe
3056	Unicorn-1761.exe
1868	Unicorn-63769.exe
2156	Unicorn-18098.exe
2876	Unicorn-55601.exe
352	Unicorn-34434.exe
1364	Unicorn-62809.exe
2080	Unicorn-9353.exe
1624	Unicorn-33858.exe
2252	Unicorn-5824.exe
1708	Unicorn-993.exe
2256	Unicorn-58362.exe
1668	Unicorn-9161.exe
2140	Unicorn-54833.exe
2556	Unicorn-61932.exe
2680	Unicorn-25498.exe
2408	Unicorn-50002.exe
2564	Unicorn-41834.exe

Loads dropped DLL 64 IoCs

pid	Process
2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
2860	Unicorn-51968.exe
2860	Unicorn-51968.exe
2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
2860	Unicorn-51968.exe
2520	Unicorn-50873.exe
2972	Unicorn-5201.exe
2860	Unicorn-51968.exe
2520	Unicorn-50873.exe
2972	Unicorn-5201.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
2648	Unicorn-63758.exe
2648	Unicorn-63758.exe
2676	Unicorn-18087.exe
2676	Unicorn-18087.exe
2436	Unicorn-18087.exe
2436	Unicorn-18087.exe
2520	Unicorn-50873.exe
2520	Unicorn-50873.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
1816	WerFault.exe
2128	WerFault.exe
1804	Unicorn-61361.exe
2676	Unicorn-18087.exe
1804	Unicorn-61361.exe
2676	Unicorn-18087.exe
2840	Unicorn-45025.exe
2840	Unicorn-45025.exe
2648	Unicorn-63758.exe
2648	Unicorn-63758.exe
1436	Unicorn-48040.exe
1436	Unicorn-48040.exe
2436	Unicorn-18087.exe
2436	Unicorn-18087.exe
2400	Unicorn-28174.exe
2400	Unicorn-28174.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
636	WerFault.exe
636	WerFault.exe
636	WerFault.exe
636	WerFault.exe
636	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2540	2268	WerFault.exe	27
1740	2860	WerFault.exe	28
2128	2972	WerFault.exe	29
1816	2520	WerFault.exe	30
1172	2648	WerFault.exe	32
636	2676	WerFault.exe	33
1496	2436	WerFault.exe	34
2044	1804	WerFault.exe	37
2372	2840	WerFault.exe	36
2116	1436	WerFault.exe	38
1716	2400	WerFault.exe	39
2816	2312	WerFault.exe	55
2092	1976	WerFault.exe	43
376	2024	WerFault.exe	45
1284	628	WerFault.exe	44
1984	2012	WerFault.exe	47
1340	2712	WerFault.exe	42
1404	2076	WerFault.exe	46
2348	1060	WerFault.exe	48
2304	1788	WerFault.exe	52
1588	1164	WerFault.exe	53
2696	1700	WerFault.exe	54
2904	312	WerFault.exe	59
2708	1604	WerFault.exe	56
2668	704	WerFault.exe	60
3068	2224	WerFault.exe	62
300	2208	WerFault.exe	61
1492	2496	WerFault.exe	58
3060	2072	WerFault.exe	67
2552	2728	WerFault.exe	68
2820	2660	WerFault.exe	70
1992	2272	WerFault.exe	69
1548	2636	WerFault.exe	71
2900	2596	WerFault.exe	72
2724	2144	WerFault.exe	75
1692	2632	WerFault.exe	76
2428	1536	WerFault.exe	82
1648	2836	WerFault.exe	79
2672	2628	WerFault.exe	74
1516	2020	WerFault.exe	80
2008	1264	WerFault.exe	77
1384	1532	WerFault.exe	81
3116	2704	WerFault.exe	73
3976	1868	WerFault.exe	95
3932	3056	WerFault.exe	94
3996	1364	WerFault.exe	99
3220	1624	WerFault.exe	101
3212	2252	WerFault.exe	102
3256	1708	WerFault.exe	103
3316	2256	WerFault.exe	104
3480	2564	WerFault.exe	109
4040	2928	WerFault.exe	90
3368	2680	WerFault.exe	108
3484	1300	WerFault.exe	88
3652	2080	WerFault.exe	100
3700	1704	WerFault.exe	111
3708	2444	WerFault.exe	112
3748	2408	WerFault.exe	110
3800	1668	WerFault.exe	105
3844	2796	WerFault.exe	116
3928	2556	WerFault.exe	107
4684	2156	WerFault.exe	96
4700	672	WerFault.exe	93
4800	2876	WerFault.exe	97

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
2860	Unicorn-51968.exe
2972	Unicorn-5201.exe
2520	Unicorn-50873.exe
2436	Unicorn-18087.exe
2676	Unicorn-18087.exe
2648	Unicorn-63758.exe
2840	Unicorn-45025.exe
1804	Unicorn-61361.exe
1436	Unicorn-48040.exe
2400	Unicorn-28174.exe
2712	Unicorn-26546.exe
1976	Unicorn-64049.exe
2024	Unicorn-23016.exe
628	Unicorn-18378.exe
2076	Unicorn-34714.exe
2012	Unicorn-39352.exe
1060	Unicorn-51050.exe
1788	Unicorn-13686.exe
1164	Unicorn-46359.exe
1700	Unicorn-62695.exe
1104	Unicorn-13494.exe
2312	Unicorn-34661.exe
1604	Unicorn-54527.exe
312	Unicorn-5326.exe
2496	Unicorn-50998.exe
704	Unicorn-10733.exe
2224	Unicorn-2565.exe
2208	Unicorn-22431.exe
2072	Unicorn-48985.exe
2728	Unicorn-53624.exe
2636	Unicorn-19136.exe
2272	Unicorn-32457.exe
2660	Unicorn-64807.exe
2596	Unicorn-57215.exe
2144	Unicorn-19520.exe
2704	Unicorn-19520.exe
2628	Unicorn-19520.exe
2632	Unicorn-44880.exe
1264	Unicorn-44880.exe
2836	Unicorn-51424.exe
1536	Unicorn-6862.exe
2020	Unicorn-40049.exe
1532	Unicorn-40049.exe
1300	Unicorn-42218.exe
2928	Unicorn-46857.exe
672	Unicorn-42794.exe
1868	Unicorn-63769.exe
3056	Unicorn-1761.exe
2156	Unicorn-18098.exe
2876	Unicorn-55601.exe
352	Unicorn-34434.exe
1364	Unicorn-62809.exe
2080	Unicorn-9353.exe
1624	Unicorn-33858.exe
2252	Unicorn-5824.exe
1708	Unicorn-993.exe
2256	Unicorn-58362.exe
2140	Unicorn-54833.exe
2556	Unicorn-61932.exe
1668	Unicorn-9161.exe
2564	Unicorn-41834.exe
2680	Unicorn-25498.exe
2408	Unicorn-50002.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2860	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	28
PID 2268 wrote to memory of 2860	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	28
PID 2268 wrote to memory of 2860	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	28
PID 2268 wrote to memory of 2860	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	28
PID 2860 wrote to memory of 2972	2860	Unicorn-51968.exe	29
PID 2860 wrote to memory of 2972	2860	Unicorn-51968.exe	29
PID 2860 wrote to memory of 2972	2860	Unicorn-51968.exe	29
PID 2860 wrote to memory of 2972	2860	Unicorn-51968.exe	29
PID 2268 wrote to memory of 2520	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	30
PID 2268 wrote to memory of 2520	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	30
PID 2268 wrote to memory of 2520	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	30
PID 2268 wrote to memory of 2520	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	30
PID 2268 wrote to memory of 2540	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	31
PID 2268 wrote to memory of 2540	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	31
PID 2268 wrote to memory of 2540	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	31
PID 2268 wrote to memory of 2540	2268	1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe	31
PID 2860 wrote to memory of 2648	2860	Unicorn-51968.exe	32
PID 2860 wrote to memory of 2648	2860	Unicorn-51968.exe	32
PID 2860 wrote to memory of 2648	2860	Unicorn-51968.exe	32
PID 2860 wrote to memory of 2648	2860	Unicorn-51968.exe	32
PID 2520 wrote to memory of 2676	2520	Unicorn-50873.exe	33
PID 2520 wrote to memory of 2676	2520	Unicorn-50873.exe	33
PID 2520 wrote to memory of 2676	2520	Unicorn-50873.exe	33
PID 2520 wrote to memory of 2676	2520	Unicorn-50873.exe	33
PID 2972 wrote to memory of 2436	2972	Unicorn-5201.exe	34
PID 2972 wrote to memory of 2436	2972	Unicorn-5201.exe	34
PID 2972 wrote to memory of 2436	2972	Unicorn-5201.exe	34
PID 2972 wrote to memory of 2436	2972	Unicorn-5201.exe	34
PID 2860 wrote to memory of 1740	2860	Unicorn-51968.exe	35
PID 2860 wrote to memory of 1740	2860	Unicorn-51968.exe	35
PID 2860 wrote to memory of 1740	2860	Unicorn-51968.exe	35
PID 2860 wrote to memory of 1740	2860	Unicorn-51968.exe	35
PID 2648 wrote to memory of 2840	2648	Unicorn-63758.exe	36
PID 2648 wrote to memory of 2840	2648	Unicorn-63758.exe	36
PID 2648 wrote to memory of 2840	2648	Unicorn-63758.exe	36
PID 2648 wrote to memory of 2840	2648	Unicorn-63758.exe	36
PID 2676 wrote to memory of 1804	2676	Unicorn-18087.exe	37
PID 2676 wrote to memory of 1804	2676	Unicorn-18087.exe	37
PID 2676 wrote to memory of 1804	2676	Unicorn-18087.exe	37
PID 2676 wrote to memory of 1804	2676	Unicorn-18087.exe	37
PID 2436 wrote to memory of 1436	2436	Unicorn-18087.exe	38
PID 2436 wrote to memory of 1436	2436	Unicorn-18087.exe	38
PID 2436 wrote to memory of 1436	2436	Unicorn-18087.exe	38
PID 2436 wrote to memory of 1436	2436	Unicorn-18087.exe	38
PID 2520 wrote to memory of 2400	2520	Unicorn-50873.exe	39
PID 2520 wrote to memory of 2400	2520	Unicorn-50873.exe	39
PID 2520 wrote to memory of 2400	2520	Unicorn-50873.exe	39
PID 2520 wrote to memory of 2400	2520	Unicorn-50873.exe	39
PID 2972 wrote to memory of 2128	2972	Unicorn-5201.exe	41
PID 2972 wrote to memory of 2128	2972	Unicorn-5201.exe	41
PID 2972 wrote to memory of 2128	2972	Unicorn-5201.exe	41
PID 2972 wrote to memory of 2128	2972	Unicorn-5201.exe	41
PID 2520 wrote to memory of 1816	2520	Unicorn-50873.exe	40
PID 2520 wrote to memory of 1816	2520	Unicorn-50873.exe	40
PID 2520 wrote to memory of 1816	2520	Unicorn-50873.exe	40
PID 2520 wrote to memory of 1816	2520	Unicorn-50873.exe	40
PID 1804 wrote to memory of 2712	1804	Unicorn-61361.exe	42
PID 1804 wrote to memory of 2712	1804	Unicorn-61361.exe	42
PID 1804 wrote to memory of 2712	1804	Unicorn-61361.exe	42
PID 1804 wrote to memory of 2712	1804	Unicorn-61361.exe	42
PID 2676 wrote to memory of 1976	2676	Unicorn-18087.exe	43
PID 2676 wrote to memory of 1976	2676	Unicorn-18087.exe	43
PID 2676 wrote to memory of 1976	2676	Unicorn-18087.exe	43
PID 2676 wrote to memory of 1976	2676	Unicorn-18087.exe	43

C:\Users\Admin\AppData\Local\Temp\1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1ff66a88f07181bdd69d2499607a6010_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9353.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1367.exe
        11⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        11⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        12⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
        13⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
        14⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 220
        14⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
        13⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        12⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        11⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
        10⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        11⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3991.exe
        12⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        13⤵
        
        PID:11240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
        14⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 236
        14⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        13⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        12⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        11⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        10⤵
        Program crash
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        10⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        11⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        12⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        13⤵
        
        PID:11388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        14⤵
        
        PID:14224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        11⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        10⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 220
        9⤵
        Program crash
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58308.exe
        11⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        12⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        13⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        14⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 220
        14⤵
        
        PID:14148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        13⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 220
        12⤵
        
        PID:8576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25486.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        12⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        13⤵
        
        PID:13124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
        13⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        12⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
        10⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        11⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38789.exe
        12⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        13⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
        13⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        12⤵
        
        PID:10968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        10⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        9⤵
        Program crash
        
        PID:3212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 220
        8⤵
        Program crash
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        7⤵
        Program crash
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58362.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
        9⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26147.exe
        10⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        11⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        12⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        13⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        14⤵
        
        PID:12764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
        14⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        12⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        11⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        10⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49990.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        12⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        13⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 220
        13⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        11⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30785.exe
        9⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
        11⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40119.exe
        12⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10504 -s 216
        13⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        12⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        10⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        9⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53275.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56829.exe
        12⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
        13⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11444 -s 216
        13⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        9⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        8⤵
        Program crash
        
        PID:2672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 216
        7⤵
        Program crash
        
        PID:2668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        6⤵
        Program crash
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        10⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16934.exe
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        12⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64321.exe
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 220
        13⤵
        
        PID:13424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        12⤵
        
        PID:11680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        11⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36258.exe
        11⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        12⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        12⤵
        
        PID:13996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6198.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        11⤵
        
        PID:9528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13039.exe
        12⤵
        
        PID:13108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
        12⤵
        
        PID:12788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        8⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        7⤵
        Program crash
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24125.exe
        12⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        13⤵
        
        PID:12432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 236
        13⤵
        
        PID:12724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
        11⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        10⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        11⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        12⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
        12⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        11⤵
        
        PID:11860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        8⤵
        Program crash
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58500.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        10⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38349.exe
        11⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        12⤵
        
        PID:13204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
        12⤵
        
        PID:13556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        11⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
        9⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        9⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
        10⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
        11⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        10⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        8⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
        7⤵
        Program crash
        
        PID:1692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        6⤵
        Program crash
        
        PID:1984
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1496
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        10⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        11⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe
        12⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        13⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 236
        13⤵
        
        PID:13192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        12⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
        12⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
        13⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
        13⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        12⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
        10⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
        9⤵
        Program crash
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        10⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        11⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        12⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
        13⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 236
        13⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        12⤵
        
        PID:10304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        11⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7659.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
        10⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14674.exe
        11⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        12⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
        12⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        11⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        10⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        9⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        8⤵
        Program crash
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44512.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
        10⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        12⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        13⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9468 -s 220
        13⤵
        
        PID:13692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 204
        12⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 220
        11⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        11⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 220
        12⤵
        
        PID:14256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        11⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 220
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57319.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        10⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9516.exe
        11⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        12⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 236
        12⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        11⤵
        
        PID:10764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 220
        8⤵
        Program crash
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Program crash
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34434.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28176.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        11⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        12⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        13⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
        13⤵
        
        PID:13768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        12⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
        8⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
        9⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19934.exe
        10⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        11⤵
        
        PID:11464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        11⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        8⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35735.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        11⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
        12⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
        12⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 236
        11⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        8⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        9⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        10⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50292.exe
        11⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
        11⤵
        
        PID:14304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        10⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        9⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        8⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:2900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        6⤵
        Program crash
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
        5⤵
        Program crash
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        10⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28304.exe
        11⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23835.exe
        12⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
        13⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 220
        13⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
        12⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        10⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64037.exe
        9⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        11⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39360.exe
        12⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
        12⤵
        
        PID:12492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        10⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
        9⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
        8⤵
        Program crash
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        7⤵
        Program crash
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        10⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        11⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11532 -s 216
        11⤵
        
        PID:12440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        10⤵
        
        PID:11892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        9⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        8⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
        7⤵
        Program crash
        
        PID:3976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
        6⤵
        Program crash
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43007.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        9⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33846.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29325.exe
        11⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        12⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 216
        12⤵
        
        PID:14204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        11⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 220
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
        8⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4141.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
        9⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        10⤵
        
        PID:12028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        11⤵
        
        PID:13576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 236
        10⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        9⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        8⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 220
        7⤵
        Program crash
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53098.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        10⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        11⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 220
        11⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11977.exe
        8⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        9⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        10⤵
        
        PID:13280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 236
        10⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 236
        9⤵
        
        PID:992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        8⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        7⤵
        
        PID:4512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        6⤵
        Program crash
        
        PID:2820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        5⤵
        Program crash
        
        PID:376
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1172
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        10⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        11⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        12⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 188
        13⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        12⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        10⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        11⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        12⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
        13⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
        13⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        12⤵
        
        PID:10884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        11⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        10⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        9⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
        11⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 220
        12⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        11⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        9⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42165.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        10⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
        12⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18518.exe
        13⤵
        
        PID:13324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
        13⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        12⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 220
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34981.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        11⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        12⤵
        
        PID:13256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        12⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        11⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
        10⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        8⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53524.exe
        11⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        12⤵
        
        PID:9632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
        13⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        12⤵
        
        PID:10464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        10⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        9⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        10⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        11⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
        12⤵
        
        PID:12312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
        11⤵
        
        PID:10372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
        10⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        8⤵
        Program crash
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        9⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        12⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17288.exe
        13⤵
        
        PID:13884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        10⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42782.exe
        10⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
        11⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        12⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
        12⤵
        
        PID:14108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 204
        11⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
        8⤵
        Program crash
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        11⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
        12⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        11⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
        8⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39465.exe
        9⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        10⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50740.exe
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 216
        11⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
        10⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        9⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
        8⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        7⤵
        Program crash
        
        PID:2008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        6⤵
        Program crash
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35576.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45631.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9698.exe
        12⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        13⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
        13⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 204
        12⤵
        
        PID:11408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        10⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61318.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        10⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        11⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5556.exe
        12⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
        12⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 204
        11⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        8⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38231.exe
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28183.exe
        11⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64513.exe
        12⤵
        
        PID:13088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        12⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        11⤵
        
        PID:11080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46419.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        10⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
        11⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        11⤵
        
        PID:14012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 220
        10⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
        8⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        7⤵
        Program crash
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40805.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62469.exe
        10⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        11⤵
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 236
        10⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        9⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3757.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        9⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57021.exe
        10⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36390.exe
        11⤵
        
        PID:13524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 220
        10⤵
        
        PID:11784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 220
        9⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        8⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        6⤵
        Program crash
        
        PID:1492
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
        5⤵
        Program crash
        
        PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25636.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
        11⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        12⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        13⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
        13⤵
        
        PID:12472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        12⤵
        
        PID:10900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        9⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8546.exe
        11⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        12⤵
        
        PID:12940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        10⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 220
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        9⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 212
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        8⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56681.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13025.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40099.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        11⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        12⤵
        
        PID:12476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
        12⤵
        
        PID:12928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
        11⤵
        
        PID:9820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
        10⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        11⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
        11⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        10⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        9⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        7⤵
        Program crash
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64882.exe
        10⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54072.exe
        11⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 216
        11⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
        10⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
        9⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        8⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
        9⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        10⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9541.exe
        11⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        10⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        9⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        8⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        7⤵
        Program crash
        
        PID:4040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1185.exe
        6⤵
        Executes dropped EXE
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32019.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42912.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30768.exe
        11⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
        12⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 220
        12⤵
        
        PID:14264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 204
        11⤵
        
        PID:11472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
        9⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        10⤵
        
        PID:10236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        11⤵
        
        PID:13196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
        11⤵
        
        PID:14036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        10⤵
        
        PID:11160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
        9⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        8⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15075.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6326.exe
        9⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34203.exe
        10⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
        11⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 204
        10⤵
        
        PID:11632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        9⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        8⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        7⤵
        Program crash
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        6⤵
        Program crash
        
        PID:2552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        5⤵
        Program crash
        
        PID:2092
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        11⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        12⤵
        
        PID:10012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        13⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 220
        13⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 204
        12⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        10⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        11⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62046.exe
        12⤵
        
        PID:13464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 220
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        9⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        9⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15797.exe
        11⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        12⤵
        
        PID:12396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11480 -s 216
        12⤵
        
        PID:14184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        11⤵
        
        PID:11868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
        10⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
        9⤵
        
        PID:6220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
        8⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8533.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15572.exe
        11⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        12⤵
        
        PID:13068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 220
        12⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        11⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        9⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44810.exe
        10⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
        11⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 204
        10⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        8⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        7⤵
        Program crash
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3394.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        10⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
        11⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        11⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
        8⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
        8⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        9⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26077.exe
        10⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        11⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11584 -s 216
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        10⤵
        
        PID:12044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        9⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        7⤵
        Program crash
        
        PID:3700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        6⤵
        Program crash
        
        PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        7⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        9⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        10⤵
        
        PID:11976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        11⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11976 -s 220
        11⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        10⤵
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        9⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
        8⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        7⤵
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        6⤵
        Program crash
        
        PID:2428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
        5⤵
        Program crash
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29551.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49756.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        10⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49973.exe
        11⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        12⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 216
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        11⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        10⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        9⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-762.exe
        10⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        11⤵
        
        PID:12400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 236
        11⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        10⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
        8⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        7⤵
        Program crash
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50526.exe
        6⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34659.exe
        7⤵
        
        PID:3400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 220
        8⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        7⤵
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        6⤵
        Program crash
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        6⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58822.exe
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        9⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
        10⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
        11⤵
        
        PID:12504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        11⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        10⤵
        
        PID:10788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        9⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        8⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        8⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
        9⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        10⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 236
        9⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        8⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        7⤵
        
        PID:6336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        6⤵
        
        PID:4892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        5⤵
        Program crash
        
        PID:3068
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
      4⤵
      Program crash
      PID:1716
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1816
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
  2⤵
  - Program crash
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe

Filesize
184KB

MD5
57bae1fefc9b04db53e108d2e0ce016c

SHA1
8e303f72419759644bd300b5e0c59a7d01577420

SHA256
85eb6d98b68a8a2093afde951748a81fc038da799261d16d6dd7bf7090c9fbed

SHA512
e85e7083daa96ad771899269559d6b5df015e1e402ef0f590fe4b8aa9a01210bdbfa3121ca8fc3aaf108494e1ccf317f56b379ce530aa1dbcbbdca0c47509472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe

Filesize
184KB

MD5
831d91dfb7af740f6a459a7beb8f302d

SHA1
47365fab252a7eed22d8460509d6011f6130e923

SHA256
2d6619e852bb0a7b06613216d9e18b3f2c2392fe9c56ec397d66017af07966d8

SHA512
5cba1fc1d5895edc553b0fcccd85e05839303b5d63479df6e2e5583934d982fbbf79daf97f286c80467ed1a9afffc7b25f0016a36c845764f26ec705a00ac8cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe

Filesize
184KB

MD5
743569ffcb577308812273780c61d3e6

SHA1
383ee0644c8c7837cca609a0223ea2c63a153278

SHA256
61c18163df4c181671ee07d6935609ddff3e6dd5e5646bd647424f9c22b75be4

SHA512
010b392a0f70dee26c2f0f30113120d38f97096eb11f2a44afb582bce4fc33e486b382e6038c8903b6dcf217f84280f08ae1fb4e3427835bef5d54a5c0441f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe

Filesize
184KB

MD5
c2224ce923825f5e3d28e666c167e6d9

SHA1
8ccdedae6d5ded8ccbd31def21ddb730f8cf3f38

SHA256
41157af7cb47b75c91280cae91475ac5c83629d366b1ae32a466bba48d6a7450

SHA512
127324054cc63cfdc70575ecdb00006590791b0c5b44ea20b1f82a562a3dc21e4aaa4e778fe116b20f854b0946233250457a6779beebbc20a5c31b88d9cbd0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe

Filesize
184KB

MD5
9117fd1cf36a87d616aed60ddd9a0143

SHA1
3b68cfc58611b50a02d1fd4eb5f11e69c75f03b8

SHA256
99e00840cd232aa537551bc3efa92662f36e10922ea86734fbc2e13ea567bbf4

SHA512
5ca9a9d5fe3f051ab818f34a986e99c4b6f61ca374544d50a4e48eb29432bc5043f4fdb697033af8fcc2757a3cd1d9a82b8c72789e4a4ca95f7f592fbb91bc9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe

Filesize
184KB

MD5
1d3e4c53eff6f5c69f592c32c1e0bd90

SHA1
32420d3af2e5431ce7a617c8176583878439eccf

SHA256
0a52a0ed5974145597fe2899849ffe4dfa5a3e03de757dc1f4a32aab62323e85

SHA512
2886ae4a594afa3fb64c36fa90a527b7c630065aaf16ddd1c9f819c87892f16d54e2d260aa5a20021d71575b8ba2b123e5868b0f816781690bbb06ec2d89fc8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe

Filesize
184KB

MD5
c35c80521b4478583248ebead1967981

SHA1
d3ef9987e4a724ffc43acb2471e04844d8ecdaec

SHA256
38813a3795a2b3520c1d5baa3afd49f00481da416d1e560597659e24e3e1a683

SHA512
51f3e6003626489f4866728f8f67b2dd96e345d05b97b5f4c2f9424167c748e5c1d767edb5f86cb5ed246551b1211d4a310c46373159685b9b5cf5e01677d4b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe

Filesize
184KB

MD5
6f4769b58fb076dd68a35e19d973983a

SHA1
0280f58b9e12fb1292f5e20c7e9ae1438ac769b2

SHA256
cba11c49281eccaa7505266721be8bb9a3982d68884220652d85aa9627414f66

SHA512
d9384a441cd31382516cb46dee931355176b9ac6a33a5a192291bc7674200ab925e123b8fe5cb6c6f1ca3cb93c7796b48f5486884cb1d453f909f4eccd84c591

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe

Filesize
184KB

MD5
1b090c8694276ec6b0b940b2ae7fc658

SHA1
5e1084ace7643807f4c911a271ba66591d30e387

SHA256
e779200b81c5a99bcc6a2d04ee1a0a3fea497c262445051b4fb05e282aae8c5a

SHA512
8bbdb94adc263077ed69d7582f9fdf13e8d8c5a62b7cc43f0d5be81c90f6f4063e373b2fae76b919994a195b0a841450bf9f9d13046ef84e165d94ec73bf26ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe

Filesize
184KB

MD5
ab8385152aa25ef1fd3b3ce4994049d9

SHA1
0f2af9336ef089b9d849e96e1650865d32fc87cd

SHA256
703f161b211f9c206a800c8ebb505aaa2fb4298f172d661bb42fb4644599bdcd

SHA512
b809d8f1749769cad0a632aa101a3e6dcce8dc44d4e4e0618f93cb970774f3e9956d115c4fdd247526d128281b905419cce2549196a14724e341e231fe23c7ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe

Filesize
184KB

MD5
ed3e11d123b4456c477cfc597b9b8624

SHA1
2b976f880d855db85a9678942065ca087e6e8a86

SHA256
7048b52d5b5b9c6ae16d4f60bedc0ce66d0efd809484c2dc598988b9ba7c784a

SHA512
3f7bee7d4a7853660adba01572657e4fc85b92ca505256e1e70faa71710100bf46ea22dfb98360bf19d908760eabaae6b6bbc23bf14290705b350f5db381ffa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe

Filesize
184KB

MD5
e37e2a645bce0643ab7bf67d064d413f

SHA1
85346462c9cc22f7507b764bab08f147ddb0f2a3

SHA256
3126860a6c5d8631efa1137fa58a088fd63e8b987025fd68e6d023be7481375b

SHA512
70e7cc5355c71e166c1b43f9b0ff642200205fdcad76136157e0384dee5a4041d71e7c02756867ebc323f47d0772c132d22db6ae7372fbb40e4f8d2b920a8df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe

Filesize
184KB

MD5
7d424fa220eb210533403fa0b3062198

SHA1
81986ae8859110627477217e76abe275bfecf435

SHA256
65a36f5adebe1012504efe1d8a338bf8db9ce49b303f3e19752ba2dd09d4f77f

SHA512
280c125dd4a8ddccfc96eb7758591ce09bb79de8e7fc9c4894f2c465d0e5ba546796a450a6a12e9c7187caf1ecd3525d2b8ebb00082a7a75a9415618cab1161c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe

Filesize
184KB

MD5
168ec67f2b6660e8b58c351bf62f1fa9

SHA1
ab2728ddce17cf9be7b3bc2d96185325d34c3831

SHA256
8a324daab2c6027c5ae85f7fdcf0b16dc61b7463c11a54485868419de9b09e76

SHA512
fd9e9524ca47dfd91acf796fafbfa2cb1307c633f926930ac70134b37159698c175143fa57047ad14bf004af9966deebed44a337db5007fa1b308420a90fb9c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe

Filesize
184KB

MD5
e1dab8a44ab2c0c55b6d66d892322f02

SHA1
d4478d37242fa41e8fc86be1eb43bc62567221d9

SHA256
8d25976e856b86533cc8793f7bba6016e0417c27f81ec219dfced4edf73dd298

SHA512
71c5e97818fb33ea3d10a424acd850cb0ca996ff907d258f9ae8cd346de4e992787b08b3192e58f1e19942634b837c08f9f2ee24214f0948e6f73b54766a3ea4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe

Filesize
184KB

MD5
99f84625a5ce89bb097c03983e0e90f7

SHA1
8489c6f19088d63805765075e2cc2e5ef16fe132

SHA256
158fe8eb3ff4c2aecc6d3feee48f2345409985b08188b45fd04a336b7b287f1e

SHA512
ed2fdb650090f507a7649a6112d9d0a843c2fc3d7b8686bfc2ef104e01a39675f5c89b2df554854fba86ab2d0f5b22b503206590d93806d8ef0efb9f63f42e03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe

Filesize
184KB

MD5
27e415e66d38562afbe9dd32a967da6a

SHA1
f10c0967dfafe940b1ade45b44c8b0822fa0dd10

SHA256
12571f2cff206a23742b88ddb394caa6a6dfbf74a20c8c647c36b648e4379219

SHA512
f55018a235628f16c9ec2b4602a88897b9823af7ca59d77e20a6b222b872caa77f7d8556f170e88b86f898502edc07056789a7eea71f55e4669ff4539effbfcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45025.exe

Filesize
184KB

MD5
f07315bb1ff4afb3102e25505261d4ba

SHA1
c5645c0ba45631774967ace3d21655780149a7d0

SHA256
1812707a3502c8b97efad1cf9a97f12529b883132e8c98b84a390b48b7f66208

SHA512
cfb1aa79d94fbe71b6b1731348724041644a4660ecc5938081e4da929f74bdc0fa1e505ad8e021a05014bf369cdb7b41af03eeaf040baf294cb6624ca8795fcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe

Filesize
184KB

MD5
843ff611bdb91b6122a9381067883fd0

SHA1
4303aa5a5d50942773e1cc39b8e2aa8426ca25e3

SHA256
09dea6128a8e0f80c309b854e5b3f8e545286a775b679116ab5bd6ffaf99c1bf

SHA512
91124f8d7f5b871f268822765aa27ba754a5ca0c905f35ea6fa53305592bc4f319359752a03b508d93b1d8893ca5eb0dc9c9f4f840d709fc9cb6096830debdb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50873.exe

Filesize
184KB

MD5
d4d6e7b23faa80cdcfde95ffbf8c5a44

SHA1
5317f8c523b97e99d49130c481d8d303631dd240

SHA256
43bde7aeecb051db499ae473361561b0a97e539a5b4558fc36e35621fa2cb920

SHA512
bc0441bfc089bd7ab8b24513bf2591cbcd3788468a61bd6128e40999ad4c03cb7f36b78f35ed0cc3e9d9f569683fd810538a9727bc1f929aac82184bd1c35ee4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe

Filesize
184KB

MD5
9abc4055948d3bbe8993deb0ccaa0b06

SHA1
5042c6f96e58d577154c0a119ee96139df7d3880

SHA256
992c0d3b58e339154aaff29fd0caa776604534e968f5b058e282a15bbec31801

SHA512
9f196d9c3f7f034aa0ed4722b20314b54a9412c67a253620bdf86b86446af025edc321f7b9a0ecd12b2d9fbeeb8a1317a860078650643a38a98b604711c32e9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe

Filesize
184KB

MD5
40101a96bc27a1934fb73c40fc41d32f

SHA1
849ecba219185f1bd2da9c20bd92aaf48d28545b

SHA256
16547525ce3317ce9d2a0dded1f251b0fafb530210bdab1729f5dc9a5cc261af

SHA512
abb4f1eb7aac3e581bbe0b0b2e18a2ac09c70ce9b1448a5a8cd61240b65383e883eec89baf0929783ffa285c26d829eee80aee087efc79eb7183c5eb0991175a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe

Filesize
184KB

MD5
eb8cf302b9bc76f62b253ee2f4ddeba4

SHA1
a60639eb4869fbcea5d425fee5601fb4875b2813

SHA256
b2e0605a9612f0fb46c33985b20b8a3793320797447211fb5076053e9908e0ae

SHA512
124485c1b15d0352b181f5d1b9c35584ae87ff1ca7bc65bc1e25ad0852321d9646d6637e020d42f7558d515788b580ef5963b64617d7e3aed0e5814f169a6774

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64049.exe

Filesize
184KB

MD5
2dac591f948b5cff14c8f5ef1653cbcc

SHA1
4975c364e3ecc562d7a209771ec47ad0fa1b9721

SHA256
5eabbdd46d8b84a9b88fb3f3af61d9de929039469d8fa5c7cc205d9df173f7a0

SHA512
eb5406499238817732331b97ede9ffd7bcde4f765aa72d46c7e93a3c149e6cf1dd04803e89f2494285867f0aeed0aea192bef0d682cb6b2161285932e025b952

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads