8cfaf15d699bff97d4305f201345d1ba9723d984d8b0f029f82f69097bd34ab6

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
Size

184KB
MD5

57a94745af62f00763c7dc46165e97f0
SHA1

b308d568da13acb0d5278acb6aea66903304e06f
SHA256

8cfaf15d699bff97d4305f201345d1ba9723d984d8b0f029f82f69097bd34ab6
SHA512

d085d02d8ccf2a7ca5bb521e9b9393fba9dea7eb045af30fef1fa6508659b5a284f023fca42fa4243289d233c3d77def79d867e4c2eb550f7ee00243c107acc9
SSDEEP

3072:N9h8L8ofFpo6d6uW/r3LcpjZhlfViFan3:N9Bo026uwLYjZhlfViFa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2864	Unicorn-16251.exe
1048	Unicorn-41990.exe
2076	Unicorn-34376.exe
2804	Unicorn-31033.exe
2692	Unicorn-23419.exe
2932	Unicorn-30815.exe
2748	Unicorn-38983.exe
2784	Unicorn-15910.exe
1208	Unicorn-7353.exe
2140	Unicorn-61193.exe
2496	Unicorn-64722.exe
3040	Unicorn-40410.exe
1704	Unicorn-20544.exe
2492	Unicorn-29165.exe
1936	Unicorn-17467.exe
592	Unicorn-13020.exe
2576	Unicorn-21189.exe
1132	Unicorn-42355.exe
2572	Unicorn-21743.exe
2092	Unicorn-41609.exe
3060	Unicorn-41609.exe
1336	Unicorn-63456.exe
768	Unicorn-39506.exe
636	Unicorn-6087.exe
1588	Unicorn-55288.exe
344	Unicorn-31338.exe
1848	Unicorn-30592.exe
568	Unicorn-6642.exe
884	Unicorn-38760.exe
3064	Unicorn-14810.exe
2024	Unicorn-58303.exe
1956	Unicorn-64011.exe
2480	Unicorn-18340.exe
2512	Unicorn-14577.exe
2700	Unicorn-56165.exe
2428	Unicorn-51334.exe
1680	Unicorn-23706.exe
2740	Unicorn-65293.exe
2920	Unicorn-52294.exe
2912	Unicorn-60462.exe
1688	Unicorn-20176.exe
1728	Unicorn-40042.exe
2384	Unicorn-16092.exe
1416	Unicorn-48210.exe
2612	Unicorn-44126.exe
1200	Unicorn-23898.exe
1304	Unicorn-32066.exe
2232	Unicorn-8116.exe
2096	Unicorn-27982.exe
296	Unicorn-53233.exe
468	Unicorn-44401.exe
2124	Unicorn-4115.exe
2312	Unicorn-19897.exe
2368	Unicorn-61889.exe
1568	Unicorn-41277.exe
2012	Unicorn-21411.exe
2184	Unicorn-37193.exe
2728	Unicorn-17327.exe
2764	Unicorn-20857.exe
2420	Unicorn-13243.exe
2060	Unicorn-38131.exe
2936	Unicorn-29217.exe
2876	Unicorn-53892.exe
1216	Unicorn-52.exe

Loads dropped DLL 64 IoCs

pid	Process
2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
2864	Unicorn-16251.exe
2864	Unicorn-16251.exe
2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
1048	Unicorn-41990.exe
1048	Unicorn-41990.exe
2864	Unicorn-16251.exe
2864	Unicorn-16251.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2684	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2468	WerFault.exe
2692	Unicorn-23419.exe
2692	Unicorn-23419.exe
2804	Unicorn-31033.exe
2804	Unicorn-31033.exe
1048	Unicorn-41990.exe
1048	Unicorn-41990.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
1480	WerFault.exe
2932	Unicorn-30815.exe
2932	Unicorn-30815.exe
2692	Unicorn-23419.exe
2692	Unicorn-23419.exe
2784	Unicorn-15910.exe
2784	Unicorn-15910.exe
2804	Unicorn-31033.exe
2748	Unicorn-38983.exe
2804	Unicorn-31033.exe
2748	Unicorn-38983.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1668	WerFault.exe
1208	Unicorn-7353.exe
1208	Unicorn-7353.exe
2932	Unicorn-30815.exe
2932	Unicorn-30815.exe
2140	Unicorn-61193.exe
2140	Unicorn-61193.exe
2496	Unicorn-64722.exe
2496	Unicorn-64722.exe
2784	Unicorn-15910.exe
2784	Unicorn-15910.exe
2748	Unicorn-38983.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2688	2320	WerFault.exe	27
2684	2076	WerFault.exe	30
2468	2864	WerFault.exe	28
1480	1048	WerFault.exe	29
2100	2692	WerFault.exe	34
1668	2804	WerFault.exe	32
788	2932	WerFault.exe	36
1776	2784	WerFault.exe	38
332	2748	WerFault.exe	37
2592	1208	WerFault.exe	40
2160	2140	WerFault.exe	41
2816	2496	WerFault.exe	42
2556	1704	WerFault.exe	43
2056	3040	WerFault.exe	44
3044	2492	WerFault.exe	47
2260	1936	WerFault.exe	48
2196	592	WerFault.exe	49
292	2576	WerFault.exe	50
240	1132	WerFault.exe	51
2068	2572	WerFault.exe	52
2148	2092	WerFault.exe	53
2208	1336	WerFault.exe	58
2180	768	WerFault.exe	59
2868	636	WerFault.exe	60
2660	1588	WerFault.exe	61
2716	344	WerFault.exe	62
2464	884	WerFault.exe	65
1348	3064	WerFault.exe	66
2632	568	WerFault.exe	64
672	1956	WerFault.exe	68
2828	1848	WerFault.exe	63
1896	2024	WerFault.exe	67
2280	2480	WerFault.exe	69
2916	1216	WerFault.exe	112
2064	2512	WerFault.exe	73
1504	2700	WerFault.exe	74
3088	2428	WerFault.exe	77
3112	1680	WerFault.exe	78
3160	2740	WerFault.exe	79
3228	2920	WerFault.exe	80
3292	2912	WerFault.exe	81
3324	2612	WerFault.exe	86
3316	2096	WerFault.exe	90
3356	1728	WerFault.exe	83
3348	2384	WerFault.exe	84
3364	1688	WerFault.exe	82
3396	1416	WerFault.exe	85
3428	1304	WerFault.exe	88
3444	1200	WerFault.exe	87
3436	2232	WerFault.exe	89
3460	296	WerFault.exe	91
3628	2624	WerFault.exe	176
3724	468	WerFault.exe	97
3132	2420	WerFault.exe	108
4088	2312	WerFault.exe	100
3584	2456	WerFault.exe	114
3612	1960	WerFault.exe	118
3644	532	WerFault.exe	115
4164	2876	WerFault.exe	111
4196	2368	WerFault.exe	102
4260	2764	WerFault.exe	107
4276	2124	WerFault.exe	99
4300	676	WerFault.exe	123
4332	1244	WerFault.exe	116

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
2864	Unicorn-16251.exe
1048	Unicorn-41990.exe
2076	Unicorn-34376.exe
2692	Unicorn-23419.exe
2804	Unicorn-31033.exe
2932	Unicorn-30815.exe
2748	Unicorn-38983.exe
2784	Unicorn-15910.exe
1208	Unicorn-7353.exe
2140	Unicorn-61193.exe
2496	Unicorn-64722.exe
3040	Unicorn-40410.exe
1704	Unicorn-20544.exe
2492	Unicorn-29165.exe
1936	Unicorn-17467.exe
592	Unicorn-13020.exe
2576	Unicorn-21189.exe
1132	Unicorn-42355.exe
2572	Unicorn-21743.exe
2092	Unicorn-41609.exe
1336	Unicorn-63456.exe
768	Unicorn-39506.exe
636	Unicorn-6087.exe
1588	Unicorn-55288.exe
568	Unicorn-6642.exe
1848	Unicorn-30592.exe
344	Unicorn-31338.exe
884	Unicorn-38760.exe
3064	Unicorn-14810.exe
2024	Unicorn-58303.exe
1956	Unicorn-64011.exe
2480	Unicorn-18340.exe
2512	Unicorn-14577.exe
2700	Unicorn-56165.exe
2428	Unicorn-51334.exe
1680	Unicorn-23706.exe
2740	Unicorn-65293.exe
2920	Unicorn-52294.exe
2912	Unicorn-60462.exe
1688	Unicorn-20176.exe
1728	Unicorn-40042.exe
2384	Unicorn-16092.exe
1200	Unicorn-23898.exe
2612	Unicorn-44126.exe
1416	Unicorn-48210.exe
1304	Unicorn-32066.exe
2096	Unicorn-27982.exe
2232	Unicorn-8116.exe
296	Unicorn-53233.exe
468	Unicorn-44401.exe
2124	Unicorn-4115.exe
2312	Unicorn-19897.exe
2368	Unicorn-61889.exe
1568	Unicorn-41277.exe
2012	Unicorn-21411.exe
2184	Unicorn-37193.exe
2728	Unicorn-17327.exe
2420	Unicorn-13243.exe
2764	Unicorn-20857.exe
2060	Unicorn-38131.exe
2936	Unicorn-29217.exe
2876	Unicorn-53892.exe
1216	Unicorn-52.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2864	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 2864	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 2864	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	28
PID 2320 wrote to memory of 2864	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	28
PID 2864 wrote to memory of 1048	2864	Unicorn-16251.exe	29
PID 2864 wrote to memory of 1048	2864	Unicorn-16251.exe	29
PID 2864 wrote to memory of 1048	2864	Unicorn-16251.exe	29
PID 2864 wrote to memory of 1048	2864	Unicorn-16251.exe	29
PID 2320 wrote to memory of 2076	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2076	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2076	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2076	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	30
PID 2320 wrote to memory of 2688	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	31
PID 2320 wrote to memory of 2688	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	31
PID 2320 wrote to memory of 2688	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	31
PID 2320 wrote to memory of 2688	2320	57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe	31
PID 1048 wrote to memory of 2804	1048	Unicorn-41990.exe	32
PID 1048 wrote to memory of 2804	1048	Unicorn-41990.exe	32
PID 1048 wrote to memory of 2804	1048	Unicorn-41990.exe	32
PID 1048 wrote to memory of 2804	1048	Unicorn-41990.exe	32
PID 2076 wrote to memory of 2684	2076	Unicorn-34376.exe	33
PID 2076 wrote to memory of 2684	2076	Unicorn-34376.exe	33
PID 2076 wrote to memory of 2684	2076	Unicorn-34376.exe	33
PID 2076 wrote to memory of 2684	2076	Unicorn-34376.exe	33
PID 2864 wrote to memory of 2692	2864	Unicorn-16251.exe	34
PID 2864 wrote to memory of 2692	2864	Unicorn-16251.exe	34
PID 2864 wrote to memory of 2692	2864	Unicorn-16251.exe	34
PID 2864 wrote to memory of 2692	2864	Unicorn-16251.exe	34
PID 2864 wrote to memory of 2468	2864	Unicorn-16251.exe	35
PID 2864 wrote to memory of 2468	2864	Unicorn-16251.exe	35
PID 2864 wrote to memory of 2468	2864	Unicorn-16251.exe	35
PID 2864 wrote to memory of 2468	2864	Unicorn-16251.exe	35
PID 2692 wrote to memory of 2932	2692	Unicorn-23419.exe	36
PID 2692 wrote to memory of 2932	2692	Unicorn-23419.exe	36
PID 2692 wrote to memory of 2932	2692	Unicorn-23419.exe	36
PID 2692 wrote to memory of 2932	2692	Unicorn-23419.exe	36
PID 2804 wrote to memory of 2748	2804	Unicorn-31033.exe	37
PID 2804 wrote to memory of 2748	2804	Unicorn-31033.exe	37
PID 2804 wrote to memory of 2748	2804	Unicorn-31033.exe	37
PID 2804 wrote to memory of 2748	2804	Unicorn-31033.exe	37
PID 1048 wrote to memory of 2784	1048	Unicorn-41990.exe	38
PID 1048 wrote to memory of 2784	1048	Unicorn-41990.exe	38
PID 1048 wrote to memory of 2784	1048	Unicorn-41990.exe	38
PID 1048 wrote to memory of 2784	1048	Unicorn-41990.exe	38
PID 1048 wrote to memory of 1480	1048	Unicorn-41990.exe	39
PID 1048 wrote to memory of 1480	1048	Unicorn-41990.exe	39
PID 1048 wrote to memory of 1480	1048	Unicorn-41990.exe	39
PID 1048 wrote to memory of 1480	1048	Unicorn-41990.exe	39
PID 2932 wrote to memory of 1208	2932	Unicorn-30815.exe	40
PID 2932 wrote to memory of 1208	2932	Unicorn-30815.exe	40
PID 2932 wrote to memory of 1208	2932	Unicorn-30815.exe	40
PID 2932 wrote to memory of 1208	2932	Unicorn-30815.exe	40
PID 2692 wrote to memory of 2140	2692	Unicorn-23419.exe	41
PID 2692 wrote to memory of 2140	2692	Unicorn-23419.exe	41
PID 2692 wrote to memory of 2140	2692	Unicorn-23419.exe	41
PID 2692 wrote to memory of 2140	2692	Unicorn-23419.exe	41
PID 2784 wrote to memory of 2496	2784	Unicorn-15910.exe	42
PID 2784 wrote to memory of 2496	2784	Unicorn-15910.exe	42
PID 2784 wrote to memory of 2496	2784	Unicorn-15910.exe	42
PID 2784 wrote to memory of 2496	2784	Unicorn-15910.exe	42
PID 2804 wrote to memory of 1704	2804	Unicorn-31033.exe	43
PID 2804 wrote to memory of 1704	2804	Unicorn-31033.exe	43
PID 2804 wrote to memory of 1704	2804	Unicorn-31033.exe	43
PID 2804 wrote to memory of 1704	2804	Unicorn-31033.exe	43

C:\Users\Admin\AppData\Local\Temp\57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\57a94745af62f00763c7dc46165e97f0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61863.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        12⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        13⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        14⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        15⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        16⤵
        
        PID:13860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 220
        16⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 220
        15⤵
        
        PID:12108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
        14⤵
        
        PID:9400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        13⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        12⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe
        11⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
        12⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
        13⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe
        14⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        15⤵
        
        PID:12384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
        15⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        14⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 220
        13⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        12⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        11⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16502.exe
        11⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
        12⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        13⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
        14⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
        14⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        13⤵
        
        PID:10816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        12⤵
        
        PID:7640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        11⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
        10⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        10⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
        11⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
        12⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        13⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        14⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
        14⤵
        
        PID:13160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
        13⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        12⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
        11⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
        10⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        9⤵
        Program crash
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 220
        9⤵
        Program crash
        
        PID:3460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
        8⤵
        Program crash
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        10⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        11⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        12⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7629.exe
        13⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        14⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24940.exe
        15⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
        15⤵
        
        PID:13828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        14⤵
        
        PID:11300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        13⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        12⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
        11⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        10⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        12⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21259.exe
        13⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        14⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
        14⤵
        
        PID:14252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        13⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        11⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7312.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54178.exe
        11⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        12⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        13⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        14⤵
        
        PID:13548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 220
        14⤵
        
        PID:14216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
        13⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 220
        12⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        11⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        10⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54084.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        10⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        11⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2886.exe
        12⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64586.exe
        13⤵
        
        PID:10324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
        14⤵
        
        PID:12960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
        14⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        13⤵
        
        PID:11292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        12⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        9⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        10⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34380.exe
        11⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32298.exe
        12⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43440.exe
        13⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
        13⤵
        
        PID:13576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
        12⤵
        
        PID:10880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 220
        11⤵
        
        PID:9980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        10⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        8⤵
        Program crash
        
        PID:672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
        7⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5745.exe
        11⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        12⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        13⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        14⤵
        
        PID:13796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
        14⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 220
        13⤵
        
        PID:12076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        12⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        11⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
        10⤵
        
        PID:4824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        9⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11396.exe
        10⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        12⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
        13⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        14⤵
        
        PID:12824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
        14⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        13⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 220
        12⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        11⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        10⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36647.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        11⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        12⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6927.exe
        13⤵
        
        PID:13560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 220
        13⤵
        
        PID:14228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        12⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 220
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:7100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        9⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        8⤵
        Program crash
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8412.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59637.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62538.exe
        11⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        12⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24789.exe
        13⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
        14⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
        14⤵
        
        PID:13712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        13⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        12⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        11⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1578.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        11⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        12⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
        13⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 220
        13⤵
        
        PID:13396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        9⤵
        Program crash
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36394.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        11⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        12⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
        13⤵
        
        PID:1044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 236
        13⤵
        
        PID:12340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        12⤵
        
        PID:10824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 236
        11⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        10⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        8⤵
        Program crash
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        7⤵
        Program crash
        
        PID:2068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        6⤵
        Program crash
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41609.exe
        6⤵
        Executes dropped EXE
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        9⤵
        Program crash
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
        11⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41172.exe
        12⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        13⤵
        
        PID:13960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        13⤵
        
        PID:13352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        10⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11313.exe
        9⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9253.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12583.exe
        12⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        13⤵
        
        PID:13184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
        13⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 220
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:9520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        10⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        9⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        10⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        11⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        12⤵
        
        PID:13404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
        12⤵
        
        PID:14016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        11⤵
        
        PID:11652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        10⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
        8⤵
        Program crash
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        7⤵
        Program crash
        
        PID:1348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        6⤵
        Program crash
        
        PID:2556
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        10⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        11⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        12⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
        13⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        14⤵
        
        PID:13288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 220
        14⤵
        
        PID:13416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
        13⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 220
        12⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        11⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 216
        10⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40136.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35915.exe
        12⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        13⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
        13⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        12⤵
        
        PID:11032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        10⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        9⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        8⤵
        Program crash
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        Program crash
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44977.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        9⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        12⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64778.exe
        13⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        14⤵
        
        PID:12952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
        14⤵
        
        PID:14120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
        13⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        11⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        10⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        11⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        12⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        13⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 236
        13⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 220
        12⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 220
        11⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 220
        9⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48345.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1277.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 188
        12⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 220
        11⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-607.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52621.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
        11⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        12⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36839.exe
        13⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
        13⤵
        
        PID:12704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
        10⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58177.exe
        11⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
        12⤵
        
        PID:12140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 236
        12⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
        11⤵
        
        PID:10756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        10⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        9⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        7⤵
        Program crash
        
        PID:2632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22497.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        12⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        13⤵
        
        PID:13096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 216
        13⤵
        
        PID:13620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        12⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        9⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        8⤵
        Program crash
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3420.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63223.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        11⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
        12⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        13⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
        13⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 220
        11⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        10⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        11⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
        12⤵
        
        PID:12488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
        12⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 236
        11⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 220
        10⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 220
        8⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        7⤵
        Program crash
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40893.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50094.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1407.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31115.exe
        12⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48635.exe
        13⤵
        
        PID:13892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
        13⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 236
        12⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        9⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        8⤵
        Program crash
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60327.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        10⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
        11⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        12⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
        12⤵
        
        PID:13880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        11⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
        8⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 220
        7⤵
        Program crash
        
        PID:3348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
        6⤵
        Program crash
        
        PID:240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        5⤵
        Program crash
        
        PID:1776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1671.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
        11⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
        12⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
        13⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49202.exe
        14⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        15⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38365.exe
        16⤵
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 220
        16⤵
        
        PID:13432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
        15⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        14⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        13⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
        12⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37607.exe
        11⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        12⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10748.exe
        13⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
        14⤵
        
        PID:10496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
        15⤵
        
        PID:13784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
        15⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
        14⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
        13⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        12⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        11⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        10⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
        11⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        12⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26426.exe
        13⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
        14⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        15⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 216
        15⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        14⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        13⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        12⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        11⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
        10⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2870.exe
        10⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57473.exe
        11⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
        12⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41226.exe
        13⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60502.exe
        14⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30498.exe
        15⤵
        
        PID:12640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
        15⤵
        
        PID:14088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        14⤵
        
        PID:11308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
        13⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        12⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12911.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        12⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32589.exe
        13⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 236
        13⤵
        
        PID:13120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        12⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        11⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        10⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
        9⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4115.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        10⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        11⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        12⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
        13⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        14⤵
        
        PID:12548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
        14⤵
        
        PID:14080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
        12⤵
        
        PID:612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        11⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        10⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        10⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51921.exe
        11⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe
        12⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        13⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
        13⤵
        
        PID:12812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 236
        12⤵
        
        PID:10892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        11⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        10⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        9⤵
        Program crash
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
        8⤵
        Program crash
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26176.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33353.exe
        11⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13965.exe
        12⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
        13⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53751.exe
        14⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
        14⤵
        
        PID:12464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        12⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
        11⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        12⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13211.exe
        13⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
        13⤵
        
        PID:13300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 236
        12⤵
        
        PID:10792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
        11⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8319.exe
        10⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
        11⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57985.exe
        12⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
        13⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
        13⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        12⤵
        
        PID:11260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 236
        11⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        9⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        10⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        11⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        12⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
        13⤵
        
        PID:11840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
        13⤵
        
        PID:12444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        12⤵
        
        PID:10600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        9⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13389.exe
        10⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        11⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16720.exe
        12⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
        12⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
        11⤵
        
        PID:10556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        10⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        9⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        8⤵
        Program crash
        
        PID:1504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        7⤵
        Program crash
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
        11⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
        12⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10533.exe
        13⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19429.exe
        14⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
        14⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        13⤵
        
        PID:11072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        12⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        10⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        11⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 220
        12⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
        11⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        9⤵
        Program crash
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39366.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46119.exe
        10⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        11⤵
        
        PID:8068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
        12⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        13⤵
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
        13⤵
        
        PID:13652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
        12⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        11⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
        9⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        8⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21411.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32310.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
        11⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        12⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        13⤵
        
        PID:12688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 236
        13⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        12⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34142.exe
        9⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13581.exe
        10⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4809.exe
        11⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39880.exe
        12⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 236
        12⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
        11⤵
        
        PID:10832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 236
        10⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        9⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        7⤵
        Program crash
        
        PID:2180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
        6⤵
        Program crash
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38812.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51469.exe
        10⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 372
        11⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-722.exe
        11⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
        12⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        13⤵
        
        PID:13356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 220
        13⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 220
        12⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 220
        11⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31198.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        12⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
        13⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
        13⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26368.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51547.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        11⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        12⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15479.exe
        13⤵
        
        PID:13476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
        13⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
        12⤵
        
        PID:11720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
        9⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        10⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
        11⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        12⤵
        
        PID:13760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
        12⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 220
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        7⤵
        Program crash
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17490.exe
        11⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63327.exe
        11⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        12⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        13⤵
        
        PID:14300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
        13⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        12⤵
        
        PID:12720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 240
        11⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
        9⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
        11⤵
        
        PID:10936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54561.exe
        12⤵
        
        PID:14196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 236
        12⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
        11⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        10⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        9⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        8⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63871.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        10⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
        11⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        12⤵
        
        PID:12552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
        12⤵
        
        PID:13200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        11⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        10⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
        9⤵
        
        PID:6608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        7⤵
        Program crash
        
        PID:3160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        6⤵
        Program crash
        
        PID:2260
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        5⤵
        Program crash
        
        PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        9⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        11⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        12⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40933.exe
        13⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
        14⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
        14⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        13⤵
        
        PID:11568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        12⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 216
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        10⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
        11⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45209.exe
        12⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 216
        13⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        12⤵
        
        PID:11552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        11⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        9⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20100.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        12⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
        13⤵
        
        PID:12328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 236
        13⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
        12⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        10⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        8⤵
        Program crash
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38236.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        11⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
        12⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        13⤵
        
        PID:13216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
        13⤵
        
        PID:13840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        12⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
        11⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        10⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12252.exe
        8⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60052.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32674.exe
        10⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        11⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 216
        12⤵
        
        PID:13316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        11⤵
        
        PID:11828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:9772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 240
        9⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        8⤵
        Program crash
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        7⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11484.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35808.exe
        10⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        11⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        12⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        13⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
        13⤵
        
        PID:13868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 220
        12⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        11⤵
        
        PID:10076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        9⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
        7⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        8⤵
        Program crash
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        7⤵
        Program crash
        
        PID:3364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
        6⤵
        Program crash
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22284.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51895.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
        12⤵
        
        PID:10552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19756.exe
        13⤵
        
        PID:13676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 220
        13⤵
        
        PID:1876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        12⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        11⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        10⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
        9⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        9⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7684.exe
        11⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        12⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 216
        12⤵
        
        PID:14096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        11⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
        10⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        9⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
        8⤵
        Program crash
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16429.exe
        11⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51468.exe
        12⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
        12⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        11⤵
        
        PID:11576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        10⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
        9⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        8⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        7⤵
        Program crash
        
        PID:3228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44562.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        10⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59220.exe
        11⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        12⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
        12⤵
        
        PID:12756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
        11⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        10⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        8⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56985.exe
        7⤵
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        Program crash
        
        PID:3132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        6⤵
        Program crash
        
        PID:2716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        5⤵
        Program crash
        
        PID:2160
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2100
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2684
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
  2⤵
  - Program crash
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe

Filesize
184KB

MD5
ab159d9edd255cc256df146611bd0bbc

SHA1
5f36fe5a010dda5cef0576e8bc3e362991c68529

SHA256
8bbcf46704c4228f261d39c708a130326d9dcaed1c38a04097cf547e4ba56e87

SHA512
3c9c0edb03db0f5060773b744b395dda138094b69e52b9349b8ac0a1d35f212830b329d6386ae1e233a417848f6428c2a1ba7ac2da28e3b9a339ea8f5cae3684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17998.exe

Filesize
184KB

MD5
60db1da54cf6d8e5e3bbda521ea6b380

SHA1
7b948f5787a4f9d192b67815e90ea3115ba4f0ed

SHA256
8d0f34c59cd6ec864088bd39aa818c940b27190b5ae95d365556b8d7722d1088

SHA512
7c237b7a7670a88b06c76143b24f666669192f3a70243831bcd6f551d6d7474b7a360f99d80e9af1815a386874689355be9d39caf7f1cdf4b5bd21446be34449

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe

Filesize
184KB

MD5
159283b35f3a1f9453270fd353485868

SHA1
eb156ba085e73b81921a649953137865adba2673

SHA256
cc01821b71891faae543c935de10922166290705d25d9e781b996163a3557a48

SHA512
0dae94f9a88ad294257be8281c0398115c11f2c617a73e2dd1078dbf0df6d761cc1f83a318e39ab4799f00625be5581f3e019ce76f6a898fd7107d34fc292692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25697.exe

Filesize
184KB

MD5
1960e81382949856a10fe00fc97380b2

SHA1
afb633db48e9e55f16af8f0e09b249936c989966

SHA256
51484ac6cdc0081074cb3d2d1c26e6982aba37163c302d8f11098608b25b166b

SHA512
eec7612f6c357cf25cab054b8443811df87750bf5bc209c936af32ab88eb8a5e0d805225721e9c4c4570232d18a7fbf352e07e0b7a869e1b760258018f05217d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28479.exe

Filesize
184KB

MD5
ecf8d0809621fbec816e8b520e5f058f

SHA1
c07723f6a7d762b810f91023320381a15e3b3964

SHA256
a0b4738dc2accab72428c033ce52248c2ef4a69f0653a505c5f72744e3cc1ab8

SHA512
6838cba4ab8504e59f5a86854331ddd03b42477979bae4b5b1d735a3d19a1decbb48e0f2eaae0ef7ad665c83cf61b3ad5a229b517c7bec74658b0ae6a6803807

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40410.exe

Filesize
184KB

MD5
6ae304dbf466d60d546f83c0b6a2d476

SHA1
d82e68865489f05b0743913ca4801eff918e8a52

SHA256
5d30e786cee1d8f84094bc513b16da8efb793a9db4b723ed624a3ab4a7a16e93

SHA512
6e8dc98933ffed43e4b4bbd09740acb35e0b1d585408dc96228e2bef7cb080d672a96c61d64e0a04b7e2c3019e0a40505ed3ab16374f151bb0dd7a13c8b8df17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe

Filesize
184KB

MD5
7d7b51647348446443c838476e96d397

SHA1
4166cf858762341094fc508523431fd81dc9ca3f

SHA256
4efd5d846c98c38179553770b65530aecb319063c7252a876092920dca761114

SHA512
a00db5ce7adf024bc6ffdd224962d9171397bdae05bdb1d36f120d174696f865407f344ae90ed966ff3f4c3504a18dd86f67a4bcb98bcaaf9c1fa4a8546eeaa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe

Filesize
184KB

MD5
db70a1a1f3746a50619bfefb957d053d

SHA1
bef884ced54d5471b98aeaf7bbaaffeafb4b33b7

SHA256
f985eebef321322e85236f076b40331b5fef147be8d71a5ae0d803e429af7e80

SHA512
58badce668511cff89d3584909dc9e5ddfcb49acf8adbf60ab7ac6e1f56663288474ac9d5a6c8d4866e858f8a5566e114803a9fb023a846c7999dc207837ac32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe

Filesize
184KB

MD5
b38acad3a1aa9ce6a7bf394053518814

SHA1
732da4d7d8bf2c3d2bd2d1497bfb123e759b7b56

SHA256
3b1db13e96137d38d3f11aeba2e0430372310187271b20b86e2a7f251e3f9519

SHA512
e82a80859360c469aa7ef41b30407b6d58e15df5873e75197009264d6de9037bc7ad9f84cd0b6f1b16ff8c875bb214be8c3715d83c997f674b7474c5652affc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62922.exe

Filesize
184KB

MD5
a39f96b47a6cd6b11597273130ee84bc

SHA1
b751c0cf74c64af948103d54b3e21fb258398e2d

SHA256
6b1948aa865dfea33d96e9dbf6ca04cc1d13e6b0e16b470e76d3eb913f51f0a7

SHA512
96021987d854e70469bd9d0dfbf45bd0a80c78c051598789dea723896f176fe82bb342ad1a93c1bb23234115951e21f97594dec424c0615eacf308f97904e4e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe

Filesize
184KB

MD5
71ee9ba61efcf623f6bbfb2390e01f0c

SHA1
04a7f0898daa4e24f79fdaa339e4f3dcfd05ba79

SHA256
e23f264cab353bb0f62806877a77c51d186f46f2371fca2b8aca8ed93264eaf8

SHA512
d495bb5d41efa43580eeb106da464923e3dc349ddaa2c857554de40c01646e308ec5da45f40da3b818d65f9ed83003ab7190f9552dcb538b8c78caef34677db9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15910.exe

Filesize
184KB

MD5
12ea5c98e3a6e5721b1511765f660f60

SHA1
0aed0f74b1b3c42929d797a9fd83693f87f49a68

SHA256
854bab3922c1a89031350d0461102acb614866840ee65b3701aebf7075c7db8b

SHA512
ca4509726d585beb874aba46aba3a874033f7f939e2d3b8ce18ffd8e5d2a4c0fdfcf263371d129dc58247ecda303b1ae13e8fbd906d4e21b60649a02c87139f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16251.exe

Filesize
184KB

MD5
a1cc475dd8d36890428e3eb3221de124

SHA1
87a7752ee8cd66f521f594b05367220322565dda

SHA256
f242bc7e7da53d414c6af01773c94a8592502718009cff6b7c50e5c0e0d874ef

SHA512
d4df0833557efc3118aaaed3712822f732a4b7b7922a966612a230b333291aa056b6e924840fd6eebb80ed28e351d39af48f2aa254c6f6da086f2818b36e86bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe

Filesize
184KB

MD5
c6e9e5035295be2ef36d1d5c7f3f8c7d

SHA1
7d345875016f3fd5016e44b429110d1c0aefca32

SHA256
543b60f7062fbd4255dccbffe0fbb56ecfcda198c03403cb5c0aaedc2b6f2ca2

SHA512
830399555d91c57d43374236cd94c50c0a573c84c8b6a7dcd7416b6435c9fffb9dfc23c6c71e9b75c3d657cd5548345fdcd9df11ee8d06b9e726db9b6480c25c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30815.exe

Filesize
184KB

MD5
34c39744a9c88df72c78919b8d6a2fb2

SHA1
7e3d5d024692b96cbc2e81f0b7d41117e15f7ace

SHA256
1e8b6b29b8acf0bc98b231e053472be58c79623cbf6559c9eba89d022e57bcff

SHA512
3b9a3a12bdb10fba50511ef4fe402ae796fac5a4b834276c5078751c5db90281612e8c41de5f5290b830ae965fa89ee0e9c7f3bb1ee10d5e9938514cd933c55b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe

Filesize
184KB

MD5
f38b78cc4ad2656ad883cf5666345872

SHA1
03a1837a4f7ece18e90e8a15b72959680bcc4242

SHA256
ea848c583226fd4e3879416bf3e3712658d79ff0182f28992aa6fa902d823f8a

SHA512
082ffdb85e331afca0dbb55def5a55c0e1900809948dbf9fa7c6ffed310da5a8e9a3586ead0d6f2812a902dfe38f9bd3fea9fe85cda6d20abd8ef7c86d26f523

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe

Filesize
184KB

MD5
6f6ba588f4690afac19d45319f7d478d

SHA1
f1102aa0102cebc876cbd1e77722351eea2c0c56

SHA256
02f92b2c71289dccb74a4d5177792a2a4cd3330950a4b7fd2ccfe8a00b2e49c2

SHA512
8eea9d1d8323d4a8a3720d74e7126de1c2a5b617cfa9be58ad4e73d1806ba6b593f6830e81179339af4b919ea3a2604eaa12b3129766c506cacee4705c444e20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe

Filesize
184KB

MD5
0fad86041c18501739966e3f8ada6fb8

SHA1
4b13f4e554f41d66212a63ae811d6e46fac96e5f

SHA256
1c26c27e43dd19e2bcfc573037f523d2c6853c305d9a0fc2ae370dab69137822

SHA512
3b4fdcb1dd0554980535a7800958ab3a7bd51484b19c47e1c280cfb678569fc13042b9a7b1807c283f522f6c363214a6adfcd91a828a8034bbddbf6497f06223

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe

Filesize
184KB

MD5
2dc4469b4b5a09a113481fc5506045b6

SHA1
56abb50a1ae6060607de988ca0e5002daf61c6b7

SHA256
f5caf74fd546cf9c4aff6f6ecce07dc532d0f2e1b733fcc5f30d60b7e8bd21da

SHA512
b0acd37c3715f646425148d0f532bb3cebb71fb883027780416ab059a8ddd5a820008d6b1d3942a8c1c4e85a28e28502336d88be34986b2ef0fa43c1f3f1f62d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61193.exe

Filesize
184KB

MD5
3f7e344ef65ee93cd52bdfe43770c68d

SHA1
b892febf43a7125907b611f68bc3c998eb435cb1

SHA256
2b70ca3a2b482ec34e8ca893de950c704d82be2137fc9dc2d52da6770ad07f77

SHA512
f84f6d7fde7753b9ba362e955a4869a95634ce815568e7ae10e7039165e48eba4a2a34fced6e12c6520dd8af5d4bbfe2ca4100ca6e003606a7ad9265d4101e99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe

Filesize
184KB

MD5
6e3638448b547553376e13f6bc1cff76

SHA1
cc55a3fca07ccfa5eeafe9368ad97eef2ae901d4

SHA256
c6796a358f54939595eb692db780f52c0d573b97f78c2b08f42651f99d056c55

SHA512
894d3b45e48f73060d695fd3f762d74c78603dc52f0f300d20b882c05712962b46290bb91bca750e8ae45205d7391404ae1a6d02b0230798f8c69769a56cf04e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe

Filesize
184KB

MD5
a1cf17d6b2f6963b1420bf74f0d1f7e8

SHA1
317e7a4d8dd7ee54beacf323f22f9242523b7cbb

SHA256
919e2a0e9817bdb0b6bf9a373cf5c7c2d7b0805cf37bf6a7275f4b32ffe5ac40

SHA512
8ccc494697081d5ac044d987f55e86ee71c07d0505804568f22b23826f84e32afecba2e1db8003a0c1f193796d7195bee2355d362ec61813f4075be241d7df69

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads