38343522b4ba32d13375df9541cde037a4ef57246feaa49efda401182c8c9eea

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
Size

184KB
MD5

4eaa8da9f1188d9815307e3260052870
SHA1

2b8d6bb0ba8e6d0f9337d980fe47a579b8cc8be5
SHA256

38343522b4ba32d13375df9541cde037a4ef57246feaa49efda401182c8c9eea
SHA512

f6feb48e1eb42a4db4fe0d2b564b17b31db208f03e2c1b39e558342ea00c2d99c46a96e246ad3777849fb9a0e0db5c2b343fb3d8b4cc02ff9c727c908c68f21d
SSDEEP

3072:XLe3Y8ofuqbFYBqmeBwEcnT8hlnViFKnJ:XL+onCBq8EuT8hlnViFK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2368	Unicorn-62061.exe
2568	Unicorn-53050.exe
2680	Unicorn-50590.exe
2064	Unicorn-29266.exe
2788	Unicorn-49132.exe
2632	Unicorn-53216.exe
2448	Unicorn-23689.exe
2764	Unicorn-7907.exe
1528	Unicorn-31857.exe
2000	Unicorn-16075.exe
2220	Unicorn-27616.exe
1644	Unicorn-6449.exe
2076	Unicorn-56205.exe
2444	Unicorn-36107.exe
2828	Unicorn-39122.exe
268	Unicorn-36661.exe
1160	Unicorn-56527.exe
696	Unicorn-39480.exe
2248	Unicorn-14783.exe
1376	Unicorn-14783.exe
692	Unicorn-64539.exe
1352	Unicorn-53076.exe
1664	Unicorn-37294.exe
1872	Unicorn-61244.exe
2092	Unicorn-61244.exe
848	Unicorn-65328.exe
1724	Unicorn-49547.exe
1252	Unicorn-49547.exe
1520	Unicorn-63237.exe
2856	Unicorn-47456.exe
2648	Unicorn-48245.exe
1240	Unicorn-32463.exe
2604	Unicorn-36547.exe
2988	Unicorn-56413.exe
2564	Unicorn-60497.exe
2480	Unicorn-19465.exe
2548	Unicorn-56221.exe
2920	Unicorn-48608.exe
2888	Unicorn-23357.exe
2256	Unicorn-27441.exe
2872	Unicorn-11659.exe
2760	Unicorn-35609.exe
2500	Unicorn-19827.exe
1760	Unicorn-41914.exe
2288	Unicorn-45998.exe
1560	Unicorn-26132.exe
2120	Unicorn-26922.exe
1504	Unicorn-39174.exe
924	Unicorn-27476.exe
2264	Unicorn-6309.exe
2280	Unicorn-6309.exe
1360	Unicorn-56065.exe
1564	Unicorn-60149.exe
1332	Unicorn-14477.exe
564	Unicorn-30814.exe
684	Unicorn-10948.exe
2088	Unicorn-23200.exe
1752	Unicorn-47150.exe
1104	Unicorn-38982.exe
1584	Unicorn-39536.exe
1864	Unicorn-2033.exe
2676	Unicorn-6672.exe
2980	Unicorn-34706.exe
2524	Unicorn-23008.exe

Loads dropped DLL 64 IoCs

pid	Process
2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
2368	Unicorn-62061.exe
2368	Unicorn-62061.exe
2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
2368	Unicorn-62061.exe
2568	Unicorn-53050.exe
2368	Unicorn-62061.exe
2568	Unicorn-53050.exe
2680	Unicorn-50590.exe
2680	Unicorn-50590.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2632	Unicorn-53216.exe
2680	Unicorn-50590.exe
2632	Unicorn-53216.exe
2680	Unicorn-50590.exe
2788	Unicorn-49132.exe
2788	Unicorn-49132.exe
2568	Unicorn-53050.exe
2568	Unicorn-53050.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
2372	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
2372	WerFault.exe
1916	WerFault.exe
2064	Unicorn-29266.exe
2064	Unicorn-29266.exe
2448	Unicorn-23689.exe
2448	Unicorn-23689.exe
2632	Unicorn-53216.exe
2632	Unicorn-53216.exe
2764	Unicorn-7907.exe
2764	Unicorn-7907.exe
1528	Unicorn-31857.exe
1528	Unicorn-31857.exe
2788	Unicorn-49132.exe
2788	Unicorn-49132.exe
2000	Unicorn-16075.exe
2000	Unicorn-16075.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
3068	WerFault.exe
1488	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe
556	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2732	2868	WerFault.exe	27
2172	2368	WerFault.exe	28
2372	2568	WerFault.exe	29
1916	2680	WerFault.exe	30
1488	2064	WerFault.exe	32
3068	2632	WerFault.exe	34
556	2788	WerFault.exe	33
2132	2448	WerFault.exe	36
1708	2764	WerFault.exe	37
2932	1528	WerFault.exe	38
1624	2000	WerFault.exe	39
2376	848	WerFault.exe	60
1628	2220	WerFault.exe	42
2556	1644	WerFault.exe	43
1832	2076	WerFault.exe	44
2388	2444	WerFault.exe	45
2832	1160	WerFault.exe	48
2296	268	WerFault.exe	47
380	696	WerFault.exe	52
1640	2248	WerFault.exe	54
2300	1376	WerFault.exe	53
2060	692	WerFault.exe	55
2272	1664	WerFault.exe	57
1960	1352	WerFault.exe	56
336	2092	WerFault.exe	59
980	1872	WerFault.exe	58
1080	1252	WerFault.exe	62
752	2904	WerFault.exe	111
2896	1520	WerFault.exe	65
2728	2856	WerFault.exe	66
2780	2604	WerFault.exe	71
3000	1240	WerFault.exe	70
1144	2548	WerFault.exe	75
1296	2920	WerFault.exe	76
1552	2480	WerFault.exe	74
876	2564	WerFault.exe	73
992	2256	WerFault.exe	79
2544	2988	WerFault.exe	72
2624	2888	WerFault.exe	77
1340	2648	WerFault.exe	69
2396	2760	WerFault.exe	81
3076	2500	WerFault.exe	82
3108	2872	WerFault.exe	80
3344	1560	WerFault.exe	87
3412	1760	WerFault.exe	86
3448	2288	WerFault.exe	88
3640	2676	WerFault.exe	107
3668	2120	WerFault.exe	92
3672	2280	WerFault.exe	96
3856	684	WerFault.exe	101
3928	1752	WerFault.exe	104
4028	2524	WerFault.exe	109
3464	564	WerFault.exe	100
3584	2464	WerFault.exe	110
3644	2980	WerFault.exe	108
3900	924	WerFault.exe	94
3372	2756	WerFault.exe	112
3468	1360	WerFault.exe	97
3208	1404	WerFault.exe	144
3196	2660	WerFault.exe	149
3268	1584	WerFault.exe	105
3600	1084	WerFault.exe	145
4108	888	WerFault.exe	123
4132	1912	WerFault.exe	124

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
2368	Unicorn-62061.exe
2568	Unicorn-53050.exe
2680	Unicorn-50590.exe
2788	Unicorn-49132.exe
2064	Unicorn-29266.exe
2632	Unicorn-53216.exe
2448	Unicorn-23689.exe
2764	Unicorn-7907.exe
2000	Unicorn-16075.exe
1528	Unicorn-31857.exe
2220	Unicorn-27616.exe
1644	Unicorn-6449.exe
2076	Unicorn-56205.exe
2444	Unicorn-36107.exe
268	Unicorn-36661.exe
2828	Unicorn-39122.exe
1160	Unicorn-56527.exe
696	Unicorn-39480.exe
2248	Unicorn-14783.exe
1376	Unicorn-14783.exe
692	Unicorn-64539.exe
1352	Unicorn-53076.exe
1664	Unicorn-37294.exe
848	Unicorn-65328.exe
1872	Unicorn-61244.exe
2092	Unicorn-61244.exe
1252	Unicorn-49547.exe
1724	Unicorn-49547.exe
1520	Unicorn-63237.exe
2856	Unicorn-47456.exe
2648	Unicorn-48245.exe
1240	Unicorn-32463.exe
2564	Unicorn-60497.exe
2988	Unicorn-56413.exe
2604	Unicorn-36547.exe
2480	Unicorn-19465.exe
2548	Unicorn-56221.exe
2920	Unicorn-48608.exe
2888	Unicorn-23357.exe
2256	Unicorn-27441.exe
2872	Unicorn-11659.exe
2500	Unicorn-19827.exe
2760	Unicorn-35609.exe
1760	Unicorn-41914.exe
2288	Unicorn-45998.exe
1560	Unicorn-26132.exe
2120	Unicorn-26922.exe
1504	Unicorn-39174.exe
924	Unicorn-27476.exe
2264	Unicorn-6309.exe
2280	Unicorn-6309.exe
1564	Unicorn-60149.exe
1360	Unicorn-56065.exe
1332	Unicorn-14477.exe
564	Unicorn-30814.exe
684	Unicorn-10948.exe
1752	Unicorn-47150.exe
2088	Unicorn-23200.exe
1104	Unicorn-38982.exe
1584	Unicorn-39536.exe
1864	Unicorn-2033.exe
2676	Unicorn-6672.exe
2980	Unicorn-34706.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2368	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 2368	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 2368	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	28
PID 2868 wrote to memory of 2368	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	28
PID 2368 wrote to memory of 2568	2368	Unicorn-62061.exe	29
PID 2368 wrote to memory of 2568	2368	Unicorn-62061.exe	29
PID 2368 wrote to memory of 2568	2368	Unicorn-62061.exe	29
PID 2368 wrote to memory of 2568	2368	Unicorn-62061.exe	29
PID 2868 wrote to memory of 2680	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2680	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2680	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2680	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	30
PID 2868 wrote to memory of 2732	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	31
PID 2868 wrote to memory of 2732	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	31
PID 2868 wrote to memory of 2732	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	31
PID 2868 wrote to memory of 2732	2868	4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe	31
PID 2368 wrote to memory of 2064	2368	Unicorn-62061.exe	32
PID 2368 wrote to memory of 2064	2368	Unicorn-62061.exe	32
PID 2368 wrote to memory of 2064	2368	Unicorn-62061.exe	32
PID 2368 wrote to memory of 2064	2368	Unicorn-62061.exe	32
PID 2568 wrote to memory of 2788	2568	Unicorn-53050.exe	33
PID 2568 wrote to memory of 2788	2568	Unicorn-53050.exe	33
PID 2568 wrote to memory of 2788	2568	Unicorn-53050.exe	33
PID 2568 wrote to memory of 2788	2568	Unicorn-53050.exe	33
PID 2680 wrote to memory of 2632	2680	Unicorn-50590.exe	34
PID 2680 wrote to memory of 2632	2680	Unicorn-50590.exe	34
PID 2680 wrote to memory of 2632	2680	Unicorn-50590.exe	34
PID 2680 wrote to memory of 2632	2680	Unicorn-50590.exe	34
PID 2368 wrote to memory of 2172	2368	Unicorn-62061.exe	35
PID 2368 wrote to memory of 2172	2368	Unicorn-62061.exe	35
PID 2368 wrote to memory of 2172	2368	Unicorn-62061.exe	35
PID 2368 wrote to memory of 2172	2368	Unicorn-62061.exe	35
PID 2632 wrote to memory of 2448	2632	Unicorn-53216.exe	36
PID 2632 wrote to memory of 2448	2632	Unicorn-53216.exe	36
PID 2632 wrote to memory of 2448	2632	Unicorn-53216.exe	36
PID 2632 wrote to memory of 2448	2632	Unicorn-53216.exe	36
PID 2680 wrote to memory of 2764	2680	Unicorn-50590.exe	37
PID 2680 wrote to memory of 2764	2680	Unicorn-50590.exe	37
PID 2680 wrote to memory of 2764	2680	Unicorn-50590.exe	37
PID 2680 wrote to memory of 2764	2680	Unicorn-50590.exe	37
PID 2788 wrote to memory of 1528	2788	Unicorn-49132.exe	38
PID 2788 wrote to memory of 1528	2788	Unicorn-49132.exe	38
PID 2788 wrote to memory of 1528	2788	Unicorn-49132.exe	38
PID 2788 wrote to memory of 1528	2788	Unicorn-49132.exe	38
PID 2568 wrote to memory of 2000	2568	Unicorn-53050.exe	39
PID 2568 wrote to memory of 2000	2568	Unicorn-53050.exe	39
PID 2568 wrote to memory of 2000	2568	Unicorn-53050.exe	39
PID 2568 wrote to memory of 2000	2568	Unicorn-53050.exe	39
PID 2568 wrote to memory of 2372	2568	Unicorn-53050.exe	40
PID 2568 wrote to memory of 2372	2568	Unicorn-53050.exe	40
PID 2568 wrote to memory of 2372	2568	Unicorn-53050.exe	40
PID 2568 wrote to memory of 2372	2568	Unicorn-53050.exe	40
PID 2680 wrote to memory of 1916	2680	Unicorn-50590.exe	41
PID 2680 wrote to memory of 1916	2680	Unicorn-50590.exe	41
PID 2680 wrote to memory of 1916	2680	Unicorn-50590.exe	41
PID 2680 wrote to memory of 1916	2680	Unicorn-50590.exe	41
PID 2064 wrote to memory of 2220	2064	Unicorn-29266.exe	42
PID 2064 wrote to memory of 2220	2064	Unicorn-29266.exe	42
PID 2064 wrote to memory of 2220	2064	Unicorn-29266.exe	42
PID 2064 wrote to memory of 2220	2064	Unicorn-29266.exe	42
PID 2448 wrote to memory of 1644	2448	Unicorn-23689.exe	43
PID 2448 wrote to memory of 1644	2448	Unicorn-23689.exe	43
PID 2448 wrote to memory of 1644	2448	Unicorn-23689.exe	43
PID 2448 wrote to memory of 1644	2448	Unicorn-23689.exe	43

C:\Users\Admin\AppData\Local\Temp\4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4eaa8da9f1188d9815307e3260052870_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65328.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
        8⤵
        Program crash
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56024.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53066.exe
        10⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22501.exe
        11⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        12⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 220
        13⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
        12⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        11⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        10⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49537.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
        12⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
        13⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
        13⤵
        
        PID:12468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        12⤵
        
        PID:10472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        11⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        12⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        13⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
        13⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        12⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        11⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 216
        9⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        8⤵
        Program crash
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        9⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40493.exe
        12⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
        13⤵
        
        PID:10668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
        14⤵
        
        PID:12368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 236
        14⤵
        
        PID:12716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 220
        13⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        11⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
        10⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22491.exe
        11⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
        12⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
        13⤵
        
        PID:13284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
        12⤵
        
        PID:10716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
        11⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        9⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        11⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        12⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17762.exe
        13⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
        13⤵
        
        PID:7524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
        9⤵
        Program crash
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        8⤵
        Program crash
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23008.exe
        7⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
        10⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        11⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        12⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        13⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
        13⤵
        
        PID:13264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
        12⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
        11⤵
        
        PID:7356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        10⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9656.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31235.exe
        10⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        11⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe
        12⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53520.exe
        13⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
        12⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        11⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
        8⤵
        Program crash
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        6⤵
        Program crash
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3865.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45853.exe
        10⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15474.exe
        11⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        12⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        13⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
        13⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 220
        12⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        9⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10056.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57960.exe
        10⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        11⤵
        
        PID:9880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        12⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
        12⤵
        
        PID:13584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        11⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 220
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        8⤵
        Program crash
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
        7⤵
        Program crash
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6994.exe
        7⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        8⤵
        Program crash
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3917.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24157.exe
        10⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        11⤵
        
        PID:10736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        12⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
        12⤵
        
        PID:13808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
        11⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 220
        10⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        9⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        8⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        7⤵
        Program crash
        
        PID:3076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        6⤵
        Program crash
        
        PID:2296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2033.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51940.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        11⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
        13⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        14⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 220
        14⤵
        
        PID:14056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
        13⤵
        
        PID:11976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 220
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        11⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32738.exe
        12⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        13⤵
        
        PID:13140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
        13⤵
        
        PID:13600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 220
        12⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        11⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
        9⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        Program crash
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
        11⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
        12⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        13⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20144.exe
        14⤵
        
        PID:11572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
        14⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        13⤵
        
        PID:11128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        12⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        11⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
        11⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64424.exe
        12⤵
        
        PID:11012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60159.exe
        13⤵
        
        PID:12768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
        13⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 220
        12⤵
        
        PID:11876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        11⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        10⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-720.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
        10⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
        11⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4092.exe
        12⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
        13⤵
        
        PID:14180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11576 -s 236
        13⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 236
        12⤵
        
        PID:12284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        11⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
        9⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        8⤵
        Program crash
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        7⤵
        Program crash
        
        PID:336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 216
        6⤵
        Program crash
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55126.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7015.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
        11⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        12⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        13⤵
        
        PID:12240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
        14⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        13⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
        12⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
        10⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 216
        9⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20436.exe
        10⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13858.exe
        11⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        12⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
        12⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        11⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        10⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        8⤵
        Program crash
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        7⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20394.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20088.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39739.exe
        10⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28353.exe
        11⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        12⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 220
        12⤵
        
        PID:13740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        11⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        9⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        8⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        7⤵
        Program crash
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52666.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        10⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27393.exe
        11⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
        12⤵
        
        PID:12324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
        10⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        8⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4820.exe
        8⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65002.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        10⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        11⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
        12⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        11⤵
        
        PID:13296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 236
        9⤵
        
        PID:7880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        8⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
        7⤵
        Program crash
        
        PID:3372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        6⤵
        Program crash
        
        PID:1080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        5⤵
        Program crash
        
        PID:1624
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        11⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18272.exe
        12⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        13⤵
        
        PID:10280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        14⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 216
        14⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 220
        13⤵
        
        PID:11296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        10⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        11⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53931.exe
        12⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
        13⤵
        
        PID:12452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
        13⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        12⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18723.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36590.exe
        10⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        11⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10926.exe
        12⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        13⤵
        
        PID:12836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
        13⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 220
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        10⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48661.exe
        11⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 384
        12⤵
        
        PID:10404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 220
        11⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        7⤵
        Program crash
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26132.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        8⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50897.exe
        10⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        12⤵
        
        PID:9488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7616.exe
        13⤵
        
        PID:11628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37376.exe
        14⤵
        
        PID:13708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
        13⤵
        
        PID:13172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        12⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 236
        11⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        9⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        9⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        11⤵
        
        PID:9784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        12⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
        12⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:10936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 236
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        9⤵
        
        PID:5916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        8⤵
        Program crash
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56444.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        10⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        11⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        12⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        13⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
        12⤵
        
        PID:12884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
        11⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        10⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        9⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
        8⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        7⤵
        Program crash
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
        6⤵
        Program crash
        
        PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        10⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32325.exe
        11⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        12⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        13⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        14⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
        13⤵
        
        PID:12160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
        12⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        10⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18225.exe
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64426.exe
        10⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33070.exe
        11⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11892.exe
        12⤵
        
        PID:11584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        13⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
        12⤵
        
        PID:13104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
        11⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
        10⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
        8⤵
        Program crash
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        8⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26954.exe
        10⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        11⤵
        
        PID:11084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        12⤵
        
        PID:13828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
        12⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 236
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        10⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
        8⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        7⤵
        Program crash
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53071.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59781.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10554.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        9⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42390.exe
        10⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        11⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
        11⤵
        
        PID:12908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        10⤵
        
        PID:10728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 240
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24146.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
        9⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        10⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        11⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
        11⤵
        
        PID:13628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
        10⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        9⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        8⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        7⤵
        
        PID:4580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        6⤵
        Program crash
        
        PID:2728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:1628
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1488
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25630.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38645.exe
        11⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
        12⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19801.exe
        13⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        14⤵
        
        PID:12636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 220
        14⤵
        
        PID:13876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 220
        13⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        12⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        10⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22126.exe
        12⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        13⤵
        
        PID:13912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
        13⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
        12⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        11⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        12⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
        13⤵
        
        PID:11688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
        14⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
        12⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        11⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        11⤵
        
        PID:10228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
        12⤵
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        9⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        8⤵
        Program crash
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57150.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
        13⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 220
        13⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 220
        11⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
        9⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
        11⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        12⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 220
        12⤵
        
        PID:13716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        11⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 220
        10⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 220
        8⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
        7⤵
        Program crash
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14477.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        8⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        11⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        12⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
        13⤵
        
        PID:13276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
        13⤵
        
        PID:13648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        10⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        7⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41966.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        10⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        11⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        12⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        13⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 220
        12⤵
        
        PID:12604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        11⤵
        
        PID:11044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        7⤵
        Program crash
        
        PID:2780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        6⤵
        Program crash
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        8⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47311.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
        11⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53708.exe
        12⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        13⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 236
        13⤵
        
        PID:14128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
        12⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        11⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
        9⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        8⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55223.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28290.exe
        11⤵
        
        PID:11324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        11⤵
        
        PID:12460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 236
        10⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        9⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
        7⤵
        Program crash
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15786.exe
        9⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        11⤵
        
        PID:10812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
        12⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 220
        11⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        10⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        7⤵
        
        PID:3848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 220
        7⤵
        
        PID:5012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
        6⤵
        Program crash
        
        PID:2060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        5⤵
        Program crash
        
        PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14783.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51774.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31562.exe
        11⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
        12⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        13⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12260 -s 200
        14⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
        13⤵
        
        PID:13128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        12⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        10⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24338.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46803.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        11⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        12⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 220
        12⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        11⤵
        
        PID:11152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        10⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        9⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29330.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37685.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22299.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        11⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        12⤵
        
        PID:11272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
        12⤵
        
        PID:13148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        11⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        10⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        7⤵
        Program crash
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39688.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        8⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        10⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        11⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33761.exe
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
        12⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
        11⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
        7⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        8⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56315.exe
        9⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
        10⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8633.exe
        11⤵
        
        PID:12564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
        11⤵
        
        PID:12712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        10⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        9⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        8⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        7⤵
        Program crash
        
        PID:3900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
        6⤵
        Program crash
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe
        8⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15947.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65370.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44748.exe
        11⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
        12⤵
        
        PID:9856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        13⤵
        
        PID:12220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
        13⤵
        
        PID:12652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        11⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
        9⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37130.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        10⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
        11⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
        12⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
        12⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 220
        11⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
        10⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
        9⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        7⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        11⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        12⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16380.exe
        13⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
        12⤵
        
        PID:13032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
        11⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 236
        10⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        9⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
        7⤵
        Program crash
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21541.exe
        8⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        9⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7766.exe
        10⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
        11⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
        12⤵
        
        PID:14324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
        11⤵
        
        PID:13516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        10⤵
        
        PID:10420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        9⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        8⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        7⤵
        
        PID:4468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        6⤵
        Program crash
        
        PID:3000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
        5⤵
        Program crash
        
        PID:1832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        8⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12988.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        11⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        12⤵
        
        PID:10292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 216
        13⤵
        
        PID:13612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 220
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        11⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        11⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        12⤵
        
        PID:13000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        12⤵
        
        PID:13544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        8⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48469.exe
        10⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        11⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10190.exe
        12⤵
        
        PID:12584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
        12⤵
        
        PID:13816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
        11⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 220
        10⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        9⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        8⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        7⤵
        Program crash
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36538.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        10⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
        11⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6599.exe
        12⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
        12⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        11⤵
        
        PID:11380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
        8⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        7⤵
        
        PID:3312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 220
        8⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        7⤵
        
        PID:5684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        6⤵
        Program crash
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        9⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        10⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
        11⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        12⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 220
        12⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
        11⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        8⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        7⤵
        Program crash
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
        6⤵
        
        PID:2588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        6⤵
        Program crash
        
        PID:1296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        5⤵
        Program crash
        
        PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37294.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25246.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10949.exe
        10⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
        11⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
        12⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
        12⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        11⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52942.exe
        9⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        10⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
        11⤵
        
        PID:12608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        12⤵
        
        PID:14280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
        11⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
        10⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        9⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        8⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
        7⤵
        Program crash
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26575.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18628.exe
        10⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
        11⤵
        
        PID:12524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        12⤵
        
        PID:13412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
        11⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        10⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        9⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
        7⤵
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        6⤵
        Program crash
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60300.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16689.exe
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10814.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        10⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        11⤵
        
        PID:12352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42036.exe
        12⤵
        
        PID:14028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 220
        11⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        7⤵
        
        PID:4476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
        6⤵
        Program crash
        
        PID:3856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        5⤵
        Program crash
        
        PID:2272
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
      4⤵
      Program crash
      PID:1708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
  2⤵
  - Program crash
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23689.exe

Filesize
184KB

MD5
cc23e43045cad4af751c574b67695def

SHA1
9a80419a844390c56e62d89d762e0035c5c6f7c5

SHA256
d1481fdb9d18227c46856ae71e74e18f32dbc58918b789597fa02b07b5f7ebd7

SHA512
36c604c45fd3d68a089f50d6f68d37e77983e10c813bbfa2140c70b203776e20fdd3507abf12675d5ddd8c1b3477135505fca4985225b0bf307b92f7559c06f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe

Filesize
184KB

MD5
0d816e315d2532a6469024b010e8faa4

SHA1
6271b02aade70ca519c564714ee37c9c48276c6e

SHA256
9d4f6a59b6dd1ddcf0068ea8d77b9131e961dd4151c38ab51261d2611f577668

SHA512
7d59958037bb78a75ef0f07bc332b380d10c7589eb9e25a9e7d386318f336ee6fec76b2a1f8d12b24e219636705af12d4d7c928cc69869d1b7b21eef9d1ff430

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe

Filesize
184KB

MD5
2d003c1d7c61c741dbe6e4f7ecff3d07

SHA1
72c3b92687c78044d27195b9dca42878ab2d4d80

SHA256
2ec38f02d7b8c41f46b2118483e29b9c72faadf6d4d0e743567c2f9f27558459

SHA512
7f08f5a98c9184404ff1b517a537f1864c81a5c86107fb9ab512d6e96ea63af488adc7ab8eaf31806dda779c9c8fa0c447c9aef7353e3299ee2100fc115f9211

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe

Filesize
184KB

MD5
2438373302da7f3ae7b8bdf71ab56fc6

SHA1
4c534d7d7d9cb381964f2bf97d960088cd664ce7

SHA256
aac952f4d5de4d22de65114788e364034fe6ae2993582c9c5582a7e9878697d9

SHA512
2886f516a484906024012daa907605af0f821bab2f2394dfc22fe7ac45ce7206f8090e623ebc156062f4235d684cbab2baa100d9183ff64392ad7d4173651c68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe

Filesize
184KB

MD5
1b6d462d732fc66f935a7c52fc1bb68f

SHA1
2c4ea263386781b7b452b4a6122338be5da66c75

SHA256
1863c091941343a93f4126e1623bf94f8cebaee162966fe6be37c799fba18a9f

SHA512
d473100c0f0d3f9000710ac31d6de196853cc23e5943b50d70f1bc6c1c0cf69e27e9594b74206807b3c0f655c9a005fbfb965779137c833e29d05547e2b45775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe

Filesize
184KB

MD5
aed2053bbec8bc9933a7ae64e30da819

SHA1
95237c64d62e901b3078fa179282f8acfed08d40

SHA256
94524c108cfcb0696c87af8b9381dbc2344b08f61adf13e1617d68eb36c01ea4

SHA512
8e71ba019bd43fa9a574e722ea02cc6f9ed17d0f00f8b321153572137a23d89693cc11898422563fbc4ee106920fbb0f165f9026c5c05a04b512a08a4d5f6dea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe

Filesize
184KB

MD5
ef7f26994e394e8be01069b9b509e910

SHA1
46aafef326870ad271ee807d16568a85f53a9e79

SHA256
d4ee9780e98445a4b9012f229a2bad55efd6d87e4847c628e08b7ec161ae5ddd

SHA512
58ff9ead5e4b2834f7406cf2c8c85bc30d591149e0fe24bdb327e150301e2a1c19ba9d679279a29a9c837ac82fc7ebd109525f4ec523c7f3aff5623800782f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe

Filesize
184KB

MD5
8e7c8fdcbe69062bbd0f110e1d1fd364

SHA1
74a661458fb04173bb317af8d88d46c9a364f44a

SHA256
207aeb6649cd8f7daf095a5fe3c8a88e2facfcedfbcac5623752cdf51bf6effa

SHA512
aadcbe2e534afe49df7687eede94cfea8f8b4ec79c98f3ec55ba385983b80d17acb3faf5117f86fc6ca98bc7cba550851c832f5d37be57908be898472e8b6d95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53216.exe

Filesize
184KB

MD5
53a439d5990c4387939a7659236e7f18

SHA1
31daea0bf6cb20ec775464f423bb82c401a04e42

SHA256
b4a181bdd08f7d2cfc091e95df2322f1e99166c31f362a63eb343d1c9009cb3e

SHA512
c55aad04144cc9f225c0453bbbef977569c9faa4dae84f10843ba87f35860040ffd5fcbab09bcb228d1fc472f8b703f18d56173744071e397b14f9028a2311ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5981.exe

Filesize
184KB

MD5
2ab87a49051f7ae5e416ea942005c38b

SHA1
82d4ea294fb52645f84a6a9c1e83783b1746f3c6

SHA256
a51472dd4e78dfa2df471a06af2898ccd347090b99abf182943719f71dd76e91

SHA512
cbfba5d7dcc83addcdba475fef3da5f7beb83fde374cfebfa62eff8e6e094159dbd3cbe16226886108a6564ee44af0c2f76b968ea6ceaf9d8568bb5f93bbd36b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6304.exe

Filesize
184KB

MD5
056d2d60254a2b97fb0e62564f518b77

SHA1
800de52d8b264b67871de4f989bed2154944bbd8

SHA256
02dd9f2e339888e048b1e236dd8fa737242d5d73ed313623964f8093c1d32421

SHA512
fede45eb2838d2bbc3c9c6985c8a8823657e3a34f3f34546f3e83086c76a780ff5480c785bc2437468c53e16e852b17d7b14dff3ae9fccd4274340ca9391119b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6449.exe

Filesize
184KB

MD5
aa8faa543beec9e1bb3a54b2d84fbc2f

SHA1
e6d6538916279d73b650bec0c1c7f7309b8d0d04

SHA256
f814f7e3309aa033c418f463d2c5cef8eb71191f47f019cc1c031a446c052129

SHA512
2adc890786c3ed88f0253622dfacf7882d128accabf6fe869224de0f4be605e40d29dcdb1c8fa8eca7da2a6fe525ae9442371211983c5de286dc95611dff0659

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe

Filesize
184KB

MD5
77bba8538b7f022812f27bc2e1b4ab4d

SHA1
a25b89c92da245819f8c0f5c1164bef1b59731f7

SHA256
091dae04ba0ba692ae4b76fb0c48de9a80a5e942c5a37570ea5a542baa463fea

SHA512
ab5cdf2349ed1bc707f36f36e6278b8d0c8a39364a0ef89d058549627d109c96b741bae49ce2dde875e53eadf6dad50de928ea1247a4a087260e69857b572c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe

Filesize
184KB

MD5
8152d837388c299cbf7d4bd7fe23e30e

SHA1
39bf105a6ec3f410b273a7e6fc33d823472afea6

SHA256
aaf17777cd7a4471799d8cd152111818e7a19c1d9715da4af86bed22af8f7824

SHA512
40f5d495a1de3a63e629ccabe116e13a23cab4256930ba61f858d7527e6ecc9fa96fce2720f3ef240f8ce8366c1b1367de002aae6c8ceb35d8e44356caa6a25e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe

Filesize
184KB

MD5
5dc45f38133240ebde7ca92ac6d5bef4

SHA1
69cf73041b135f6b6186b70147d29d5ca76ec418

SHA256
556188431b418e2731cd60a891a42bd25a92544a79521d33d544d883e809a2dd

SHA512
3830bf4982431203b027978fc198d13120f71627e8ed5eb03297bd43e88a3a6afed91821c93e82866c9b47fba3d513b9b35dede7245bb560fc166076001c72cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe

Filesize
184KB

MD5
6f297a36191cbfbff8bc2284fb0f23f6

SHA1
fb16a7469c01ce593978defd979859af7ec874b9

SHA256
ac196229270f40045849611a91adc42a7516506c464ed8a64f5d6fa4f8667a92

SHA512
648c2265e30d5e89e7fd97339f5e2f576aff363b617dec260daa71cf0a07c99d3ad1e6c221ae5c2621ed2a85dc92f3a014e8407b8347d3fb145b99e076449e8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe

Filesize
184KB

MD5
b217865e7a382fd611adfc5a68e936a0

SHA1
46ca180f9a653bda95b5e75ab19dde99b7dbfafc

SHA256
3347bdb6d3944a191a57e6153534c80d9b2db73a6f408ab782b956e57cdcf0ff

SHA512
798cc83a3ea61192e6987d8a0fc3da65d90f3b4df9470d96655963529a5ff53abf87a611887a215f536b7e7f9ba8f131b58f3179cb3d23f478869a741c299790

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe

Filesize
184KB

MD5
abb2788d80714311d54f5ba3276f7c3a

SHA1
0754a275f3b39b4c9da298d04afd3c9b562e7d4f

SHA256
ec2685d81ec5dae8c504f5d54b6bb30ff83b8ea84621cca52784dcaa41fa8a53

SHA512
acc66536758d44a8183be0b6b915eb84879c3230fa434fa9d3c0ab0c4a363e4556a7b96290f00bc0a4cd0aa5c223fd64edd5b1f59e8e575b4f7ea5e444c69762

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36107.exe

Filesize
184KB

MD5
30de6eaecf07966b5609a10d455feed7

SHA1
f51c8a30439e441b1510e5f3ba0d97a457564992

SHA256
be3a8d5dc1477767248a9b01359ab561f77597caaf3f2674d84c293d7f2ab255

SHA512
b6bd3e6cc077a1818db6b1a1e8a6acd63ddd865d968226452baa0c720576e72199db8400ee80abfdf74bbbe3e5719a86ec4eb3080e7461b3d96ec58b28319382

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe

Filesize
184KB

MD5
fffb060dad85999bd00e5b2b02714f4f

SHA1
40eff1bd99fdf8b8cb849cc8632d4576350c0aa1

SHA256
f1b22ff894d61999e206b7d0f6d691f6fa358a0816453b0b86e39b6a919aaf26

SHA512
3531a930090bf4583130aba643bf8a9e72ac2f28a28562f8d17ac02b678eaa55b9f4577fe0cf50078c1bb61909c1f478a9899c2e1a5444b840368aef440c7e42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50590.exe

Filesize
184KB

MD5
8223f317b21d05b0f9795a2fe2ddc78e

SHA1
d27533820aacd59cfea9233617842c815ef5f15c

SHA256
8a5cac46c39993561502a24b65e294480b6e47a9338cdaea623b5638e9391bb0

SHA512
4f786d8ba148534f1bb7fa64d8e01fb2373fd443cbde7ae4e4fad77a8d3ca5ecfb82c9d87b7f55300a742f40a796bb059ed110857ccfdcf257bf6fc28522c67e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe

Filesize
184KB

MD5
f5f347e48c187046f78837b4dd2e64e0

SHA1
7f8085b4cb2130f666bb22e713739d4b81395096

SHA256
4a9e589e26af3a5dd68f149d7358c4cada39b7873a3f500431aea4ced460307b

SHA512
146eaeb142d236bb9c3a56eeda0b4babc6f76f303af1148be61ad890e557724ea803270f6e743563ee28a6211b9a4f6ca6a7979ea0ed67d8855e4f4375eb3d30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe

Filesize
184KB

MD5
0a4b3dccfd17529d6aceda5d580bd18c

SHA1
f86b601a4394522fff3732f0d4fea956eb57971a

SHA256
f2f89de532d0ca19b33495293b77b29f8295519cfafab64d9a85be4d1d0851f7

SHA512
db0c0d31afdae19e59537db9faba3ef0dd58719716fb4ec89ae969b8702d375a180969b32f0bd71c337a5293b0e2b1194ca4fca8ac9a5f532aa6747bee3b6d9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62061.exe

Filesize
184KB

MD5
8a532b3d3d61026b9e0e204a273301ee

SHA1
ac8dbe0c1f92ec9258ca85c5654d20cc8feee32a

SHA256
69b56af1951ce7eab328f71d4a62309e13dc3d53fb20308cc1669fc5ee644f76

SHA512
09e38cedd1fb3a7e6a46d2bda4e84976ffa943d5f9e9afad71b81358cc3dca4bcef5497fc13dfc223160e9be3d71f1050be2800f338aa8a91d538351a9fc1112

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe

Filesize
184KB

MD5
ac04f952d251477cfffbbd9ff5a5403a

SHA1
6e6b38f183020e9d14bde668d53444b9b50d6f49

SHA256
150b3199a3321365e556dabd08bf2e54739fbb8c982ab92d86ee94f59f6bb965

SHA512
e362a8f08e3b18ec8ec40cddf603c426cb8a95bf44f7bae56086ba929f60f8755a4ed886158fbd28d2a0eade721bc8cad3433eb44b261c3498b8c47ae5b44e00

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads