622956446956c34fea108b2b04c9fb243ff6caa7832cd1859e0c72345dcb5493

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
Size

184KB
MD5

05ead9eeda1fd23fb426dfe757a006c0
SHA1

21c1a845cab2c7f8b3afc3e6f8ff5fe332e87e2d
SHA256

622956446956c34fea108b2b04c9fb243ff6caa7832cd1859e0c72345dcb5493
SHA512

1b135870d7f43f03e9fdf9102985347301fbb2943c91f6a05b94468f7eb70f09f85f241b5eaaa4ebc88bf8a53e840c4e8bee6d18e6f8c7cdd12a9143501f72e3
SSDEEP

1536:+fS/6jAAu3Lxotx1t1OAlowMa2IyvZclN7d8OOWR2Vzqtiml5hj5nizpv2:8d03LxoT71OddatWetOWRK4imlnViFO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2660	Unicorn-32771.exe
2272	Unicorn-47208.exe
3036	Unicorn-62153.exe
2716	Unicorn-33970.exe
2516	Unicorn-3243.exe
2524	Unicorn-18188.exe
1560	Unicorn-22355.exe
2460	Unicorn-11494.exe
804	Unicorn-42221.exe
2152	Unicorn-46305.exe
2900	Unicorn-26439.exe
1372	Unicorn-59709.exe
1748	Unicorn-59408.exe
3016	Unicorn-12900.exe
1788	Unicorn-40934.exe
2800	Unicorn-55879.exe
2848	Unicorn-10207.exe
476	Unicorn-45018.exe
580	Unicorn-59963.exe
2088	Unicorn-56476.exe
1344	Unicorn-5884.exe
1536	Unicorn-11359.exe
644	Unicorn-26304.exe
1948	Unicorn-19528.exe
1476	Unicorn-48116.exe
1036	Unicorn-48116.exe
2256	Unicorn-63061.exe
780	Unicorn-17390.exe
2864	Unicorn-32334.exe
1720	Unicorn-52200.exe
1732	Unicorn-52200.exe
1228	Unicorn-36418.exe
2084	Unicorn-20740.exe
296	Unicorn-35684.exe
2968	Unicorn-59634.exe
2896	Unicorn-45244.exe
2596	Unicorn-29462.exe
2480	Unicorn-18602.exe
2556	Unicorn-22686.exe
2532	Unicorn-37630.exe
2776	Unicorn-20548.exe
1220	Unicorn-47745.exe
2392	Unicorn-53220.exe
2796	Unicorn-57304.exe
1692	Unicorn-41522.exe
1924	Unicorn-61388.exe
1608	Unicorn-10796.exe
1620	Unicorn-30662.exe
832	Unicorn-65472.exe
2224	Unicorn-34746.exe
1800	Unicorn-49691.exe
2836	Unicorn-38830.exe
664	Unicorn-53775.exe
2440	Unicorn-38228.exe
944	Unicorn-59717.exe
1820	Unicorn-30614.exe
1700	Unicorn-30937.exe
1584	Unicorn-15155.exe
1668	Unicorn-51357.exe
1596	Unicorn-55441.exe
3028	Unicorn-39659.exe
2728	Unicorn-39659.exe
2784	Unicorn-59525.exe
2484	Unicorn-43743.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
2660	Unicorn-32771.exe
2660	Unicorn-32771.exe
2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
3036	Unicorn-62153.exe
3036	Unicorn-62153.exe
2272	Unicorn-47208.exe
2272	Unicorn-47208.exe
2660	Unicorn-32771.exe
2660	Unicorn-32771.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2272	Unicorn-47208.exe
2516	Unicorn-3243.exe
2272	Unicorn-47208.exe
2516	Unicorn-3243.exe
2716	Unicorn-33970.exe
2716	Unicorn-33970.exe
3036	Unicorn-62153.exe
2524	Unicorn-18188.exe
3036	Unicorn-62153.exe
2524	Unicorn-18188.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1892	WerFault.exe
1892	WerFault.exe
1892	WerFault.exe
1892	WerFault.exe
1892	WerFault.exe
1560	Unicorn-22355.exe
1560	Unicorn-22355.exe
804	Unicorn-42221.exe
804	Unicorn-42221.exe
2516	Unicorn-3243.exe
2516	Unicorn-3243.exe
2152	Unicorn-46305.exe
2152	Unicorn-46305.exe
2524	Unicorn-18188.exe
2524	Unicorn-18188.exe
2900	Unicorn-26439.exe
2900	Unicorn-26439.exe
2460	Unicorn-11494.exe
2460	Unicorn-11494.exe
2716	Unicorn-33970.exe
2716	Unicorn-33970.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
1576	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2476	WerFault.exe
2964	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2732	2248	WerFault.exe	27
2904	2660	WerFault.exe	28
1928	3036	WerFault.exe	30
1892	2272	WerFault.exe	29
1576	2516	WerFault.exe	33
2476	2716	WerFault.exe	32
2964	2524	WerFault.exe	34
1672	1560	WerFault.exe	36
2812	804	WerFault.exe	37
2584	2152	WerFault.exe	40
2980	2900	WerFault.exe	39
2704	2460	WerFault.exe	38
2916	1372	WerFault.exe	43
1780	1748	WerFault.exe	44
1524	3016	WerFault.exe	45
1552	580	WerFault.exe	50
2336	476	WerFault.exe	49
2252	2848	WerFault.exe	48
2948	1788	WerFault.exe	46
2124	2800	WerFault.exe	47
2212	832	WerFault.exe	88
2996	2088	WerFault.exe	54
2772	1344	WerFault.exe	55
2804	1536	WerFault.exe	56
284	644	WerFault.exe	57
2656	1948	WerFault.exe	58
1216	1476	WerFault.exe	60
1292	2256	WerFault.exe	61
1688	1732	WerFault.exe	64
1676	1228	WerFault.exe	66
1588	780	WerFault.exe	62
2100	1720	WerFault.exe	65
2672	2864	WerFault.exe	63
2168	1036	WerFault.exe	59
3508	296	WerFault.exe	70
3524	2084	WerFault.exe	69
3556	2532	WerFault.exe	79
3728	2224	WerFault.exe	89
3752	2836	WerFault.exe	91
3776	1220	WerFault.exe	81
3800	772	WerFault.exe	123
3816	2392	WerFault.exe	82
3920	2896	WerFault.exe	75
3984	664	WerFault.exe	92
4068	2776	WerFault.exe	80
4092	2440	WerFault.exe	95
3148	944	WerFault.exe	97
3192	2596	WerFault.exe	76
3268	2968	WerFault.exe	71
3408	1584	WerFault.exe	105
3404	1700	WerFault.exe	104
3516	1800	WerFault.exe	90
3644	3028	WerFault.exe	108
3708	1196	WerFault.exe	114
3852	1668	WerFault.exe	106
3864	1716	WerFault.exe	112
3900	2784	WerFault.exe	110
3720	1512	WerFault.exe	113
3944	2480	WerFault.exe	77
4052	2556	WerFault.exe	78
3128	2484	WerFault.exe	111
3336	2728	WerFault.exe	109
3440	1596	WerFault.exe	107
3452	2400	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
2660	Unicorn-32771.exe
3036	Unicorn-62153.exe
2272	Unicorn-47208.exe
2716	Unicorn-33970.exe
2516	Unicorn-3243.exe
2524	Unicorn-18188.exe
1560	Unicorn-22355.exe
804	Unicorn-42221.exe
2460	Unicorn-11494.exe
2152	Unicorn-46305.exe
2900	Unicorn-26439.exe
1372	Unicorn-59709.exe
1748	Unicorn-59408.exe
3016	Unicorn-12900.exe
1788	Unicorn-40934.exe
2848	Unicorn-10207.exe
580	Unicorn-59963.exe
2800	Unicorn-55879.exe
476	Unicorn-45018.exe
2088	Unicorn-56476.exe
1344	Unicorn-5884.exe
1536	Unicorn-11359.exe
644	Unicorn-26304.exe
1948	Unicorn-19528.exe
1476	Unicorn-48116.exe
1036	Unicorn-48116.exe
2256	Unicorn-63061.exe
1732	Unicorn-52200.exe
2864	Unicorn-32334.exe
1228	Unicorn-36418.exe
780	Unicorn-17390.exe
1720	Unicorn-52200.exe
2084	Unicorn-20740.exe
296	Unicorn-35684.exe
2968	Unicorn-59634.exe
2896	Unicorn-45244.exe
2596	Unicorn-29462.exe
2480	Unicorn-18602.exe
2556	Unicorn-22686.exe
2532	Unicorn-37630.exe
2776	Unicorn-20548.exe
1220	Unicorn-47745.exe
2392	Unicorn-53220.exe
2796	Unicorn-57304.exe
1692	Unicorn-41522.exe
1924	Unicorn-61388.exe
1620	Unicorn-30662.exe
832	Unicorn-65472.exe
1608	Unicorn-10796.exe
2224	Unicorn-34746.exe
1800	Unicorn-49691.exe
2836	Unicorn-38830.exe
664	Unicorn-53775.exe
2440	Unicorn-38228.exe
944	Unicorn-59717.exe
1820	Unicorn-30614.exe
1700	Unicorn-30937.exe
1584	Unicorn-15155.exe
1668	Unicorn-51357.exe
1596	Unicorn-55441.exe
2484	Unicorn-43743.exe
2728	Unicorn-39659.exe
3028	Unicorn-39659.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2660	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2660	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2660	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2660	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	28
PID 2660 wrote to memory of 2272	2660	Unicorn-32771.exe	29
PID 2660 wrote to memory of 2272	2660	Unicorn-32771.exe	29
PID 2660 wrote to memory of 2272	2660	Unicorn-32771.exe	29
PID 2660 wrote to memory of 2272	2660	Unicorn-32771.exe	29
PID 2248 wrote to memory of 3036	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 3036	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 3036	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 3036	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 2732	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	31
PID 2248 wrote to memory of 2732	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	31
PID 2248 wrote to memory of 2732	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	31
PID 2248 wrote to memory of 2732	2248	05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe	31
PID 3036 wrote to memory of 2716	3036	Unicorn-62153.exe	32
PID 3036 wrote to memory of 2716	3036	Unicorn-62153.exe	32
PID 3036 wrote to memory of 2716	3036	Unicorn-62153.exe	32
PID 3036 wrote to memory of 2716	3036	Unicorn-62153.exe	32
PID 2272 wrote to memory of 2516	2272	Unicorn-47208.exe	33
PID 2272 wrote to memory of 2516	2272	Unicorn-47208.exe	33
PID 2272 wrote to memory of 2516	2272	Unicorn-47208.exe	33
PID 2272 wrote to memory of 2516	2272	Unicorn-47208.exe	33
PID 2660 wrote to memory of 2524	2660	Unicorn-32771.exe	34
PID 2660 wrote to memory of 2524	2660	Unicorn-32771.exe	34
PID 2660 wrote to memory of 2524	2660	Unicorn-32771.exe	34
PID 2660 wrote to memory of 2524	2660	Unicorn-32771.exe	34
PID 2660 wrote to memory of 2904	2660	Unicorn-32771.exe	35
PID 2660 wrote to memory of 2904	2660	Unicorn-32771.exe	35
PID 2660 wrote to memory of 2904	2660	Unicorn-32771.exe	35
PID 2660 wrote to memory of 2904	2660	Unicorn-32771.exe	35
PID 2272 wrote to memory of 1560	2272	Unicorn-47208.exe	36
PID 2272 wrote to memory of 1560	2272	Unicorn-47208.exe	36
PID 2272 wrote to memory of 1560	2272	Unicorn-47208.exe	36
PID 2272 wrote to memory of 1560	2272	Unicorn-47208.exe	36
PID 2516 wrote to memory of 804	2516	Unicorn-3243.exe	37
PID 2516 wrote to memory of 804	2516	Unicorn-3243.exe	37
PID 2516 wrote to memory of 804	2516	Unicorn-3243.exe	37
PID 2516 wrote to memory of 804	2516	Unicorn-3243.exe	37
PID 2716 wrote to memory of 2460	2716	Unicorn-33970.exe	38
PID 2716 wrote to memory of 2460	2716	Unicorn-33970.exe	38
PID 2716 wrote to memory of 2460	2716	Unicorn-33970.exe	38
PID 2716 wrote to memory of 2460	2716	Unicorn-33970.exe	38
PID 3036 wrote to memory of 2900	3036	Unicorn-62153.exe	39
PID 3036 wrote to memory of 2900	3036	Unicorn-62153.exe	39
PID 3036 wrote to memory of 2900	3036	Unicorn-62153.exe	39
PID 3036 wrote to memory of 2900	3036	Unicorn-62153.exe	39
PID 2524 wrote to memory of 2152	2524	Unicorn-18188.exe	40
PID 2524 wrote to memory of 2152	2524	Unicorn-18188.exe	40
PID 2524 wrote to memory of 2152	2524	Unicorn-18188.exe	40
PID 2524 wrote to memory of 2152	2524	Unicorn-18188.exe	40
PID 3036 wrote to memory of 1928	3036	Unicorn-62153.exe	41
PID 3036 wrote to memory of 1928	3036	Unicorn-62153.exe	41
PID 3036 wrote to memory of 1928	3036	Unicorn-62153.exe	41
PID 3036 wrote to memory of 1928	3036	Unicorn-62153.exe	41
PID 2272 wrote to memory of 1892	2272	Unicorn-47208.exe	42
PID 2272 wrote to memory of 1892	2272	Unicorn-47208.exe	42
PID 2272 wrote to memory of 1892	2272	Unicorn-47208.exe	42
PID 2272 wrote to memory of 1892	2272	Unicorn-47208.exe	42
PID 1560 wrote to memory of 1372	1560	Unicorn-22355.exe	43
PID 1560 wrote to memory of 1372	1560	Unicorn-22355.exe	43
PID 1560 wrote to memory of 1372	1560	Unicorn-22355.exe	43
PID 1560 wrote to memory of 1372	1560	Unicorn-22355.exe	43

C:\Users\Admin\AppData\Local\Temp\05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\05ead9eeda1fd23fb426dfe757a006c0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        10⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27734.exe
        11⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        12⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        13⤵
        
        PID:12128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8428 -s 216
        13⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
        12⤵
        
        PID:9460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        11⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        10⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        9⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        10⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 220
        11⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        10⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
        9⤵
        Program crash
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        8⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59525.exe
        8⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        10⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        11⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        12⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        13⤵
        
        PID:12076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
        14⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
        13⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        12⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        10⤵
        
        PID:5808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        9⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53454.exe
        11⤵
        
        PID:8452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
        12⤵
        
        PID:11108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
        12⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        10⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        9⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        8⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
        7⤵
        Program crash
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
        9⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        12⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        13⤵
        
        PID:11568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25510.exe
        14⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
        13⤵
        
        PID:11992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 220
        12⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 220
        11⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        10⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        9⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        10⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        11⤵
        
        PID:8912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        11⤵
        
        PID:9840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
        9⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        11⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28810.exe
        12⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        12⤵
        
        PID:10868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
        9⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
        8⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
        7⤵
        Program crash
        
        PID:284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
        6⤵
        Program crash
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15945.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        10⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
        11⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
        12⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26231.exe
        13⤵
        
        PID:11984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 236
        13⤵
        
        PID:12256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
        12⤵
        
        PID:9964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        10⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
        9⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39057.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19017.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54014.exe
        10⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        11⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        12⤵
        
        PID:11656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32661.exe
        13⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11656 -s 216
        13⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 236
        12⤵
        
        PID:11952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
        11⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
        10⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        8⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        8⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61995.exe
        9⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16916.exe
        12⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20876.exe
        13⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        12⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
        9⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        8⤵
        Program crash
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        7⤵
        Program crash
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        8⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36386.exe
        11⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        12⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        13⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 236
        13⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 220
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 236
        9⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        8⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37408.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe
        10⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        11⤵
        
        PID:10940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 236
        11⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        9⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
        8⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        7⤵
        Program crash
        
        PID:3556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        6⤵
        Program crash
        
        PID:1524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20740.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59717.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        9⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
        10⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        11⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55488.exe
        12⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        13⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        14⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
        14⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 236
        13⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        12⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        11⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
        10⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        9⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
        10⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
        11⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
        12⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        13⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        14⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 220
        13⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        12⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        11⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19955.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
        10⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        12⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        10⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        8⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        11⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
        12⤵
        
        PID:10796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 236
        12⤵
        
        PID:10512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        10⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        9⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30989.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        11⤵
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
        11⤵
        
        PID:10636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        10⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        7⤵
        Program crash
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38311.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        10⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        11⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24731.exe
        12⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        13⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        13⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 236
        12⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        11⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        9⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56069.exe
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        11⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        12⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40860.exe
        13⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        12⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        10⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
        12⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
        12⤵
        
        PID:11704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        11⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        8⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
        9⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        10⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
        11⤵
        
        PID:10348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
        11⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 236
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 216
        8⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
        7⤵
        Program crash
        
        PID:3508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        6⤵
        Program crash
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5908.exe
        10⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46609.exe
        11⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30647.exe
        12⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
        13⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
        12⤵
        
        PID:11012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        11⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
        8⤵
        Program crash
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60241.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        9⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        10⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        11⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        11⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 236
        10⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2260.exe
        10⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49588.exe
        11⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
        11⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        7⤵
        Program crash
        
        PID:3408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
        6⤵
        Program crash
        
        PID:2772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
        5⤵
        Program crash
        
        PID:1672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 240
        8⤵
        Program crash
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19536.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30906.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53734.exe
        11⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        12⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
        13⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
        12⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
        11⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        10⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        9⤵
        
        PID:4600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12898.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        11⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
        12⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
        12⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        11⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        10⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        9⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 220
        8⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        7⤵
        Program crash
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60148.exe
        11⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        12⤵
        
        PID:10708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 236
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
        10⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        9⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 216
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21155.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        10⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        11⤵
        
        PID:10408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        12⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
        11⤵
        
        PID:11628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
        8⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
        7⤵
        Program crash
        
        PID:3516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 220
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
        9⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        11⤵
        
        PID:11076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        11⤵
        
        PID:11288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        9⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        7⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        8⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        9⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        10⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        11⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 220
        11⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
        10⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
        8⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        7⤵
        
        PID:4824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
        8⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        10⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        11⤵
        
        PID:10344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 220
        11⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:9360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11320.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
        9⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        10⤵
        
        PID:10912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        11⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        10⤵
        
        PID:10840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        9⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        8⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        
        PID:4416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
        6⤵
        Program crash
        
        PID:1676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
        5⤵
        Program crash
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55879.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        8⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        8⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        9⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        10⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
        11⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
        11⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
        10⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
        8⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        7⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        8⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31181.exe
        9⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        10⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        11⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60512.exe
        12⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        11⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        10⤵
        
        PID:9396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        8⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        7⤵
        
        PID:4748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        6⤵
        Program crash
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        6⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        10⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        11⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        11⤵
        
        PID:12132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 220
        10⤵
        
        PID:9484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        9⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        9⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
        10⤵
        
        PID:11028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
        10⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        9⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        8⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        6⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        8⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
        9⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15561.exe
        10⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
        10⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
        9⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
        8⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        7⤵
        
        PID:5556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        6⤵
        
        PID:4000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        5⤵
        Program crash
        
        PID:2124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        9⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
        12⤵
        
        PID:10616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        8⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35959.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        9⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11398.exe
        10⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        11⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        12⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 216
        12⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
        11⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        10⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
        9⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        7⤵
        Program crash
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27704.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        12⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        13⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        14⤵
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
        12⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61139.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65467.exe
        10⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48602.exe
        11⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        11⤵
        
        PID:11640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
        9⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50817.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18633.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        10⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
        11⤵
        
        PID:10544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 236
        11⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        10⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        9⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        8⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
        7⤵
        Program crash
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 240
        6⤵
        Program crash
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63061.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23153.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        11⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        12⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55219.exe
        13⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
        13⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
        12⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        11⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
        10⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        9⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13360.exe
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
        10⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
        8⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        9⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18862.exe
        11⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45380.exe
        12⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
        11⤵
        
        PID:11476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
        10⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
        9⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        7⤵
        Program crash
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42181.exe
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
        7⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46474.exe
        8⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe
        10⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
        11⤵
        
        PID:11240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
        11⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        9⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        8⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        7⤵
        
        PID:5012
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        6⤵
        Program crash
        
        PID:1292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        5⤵
        Program crash
        
        PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59963.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2156.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
        8⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        11⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        12⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34498.exe
        13⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
        12⤵
        
        PID:12280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        11⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
        9⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
        8⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12607.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        9⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        10⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
        11⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        11⤵
        
        PID:12272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 220
        10⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        9⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 236
        8⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        7⤵
        Program crash
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        6⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55965.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31949.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        10⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11897.exe
        11⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        12⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        8⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        7⤵
        Program crash
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        6⤵
        Program crash
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4621.exe
        9⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
        10⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
        11⤵
        
        PID:10740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12515.exe
        12⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        11⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
        9⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        7⤵
        Program crash
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64045.exe
        8⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51653.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        10⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        10⤵
        
        PID:11848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 220
        9⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        8⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        7⤵
        
        PID:4388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        6⤵
        Program crash
        
        PID:3776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 220
        5⤵
        Program crash
        
        PID:1552
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24859.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60589.exe
        8⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        9⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
        10⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
        11⤵
        
        PID:12248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58182.exe
        12⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 236
        11⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
        10⤵
        
        PID:10220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        9⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        8⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
        7⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27791.exe
        6⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        9⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        10⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
        11⤵
        
        PID:10976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        11⤵
        
        PID:12012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        10⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        9⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
        8⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 216
        7⤵
        
        PID:5048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        6⤵
        Program crash
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
        6⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15472.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        8⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        9⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
        10⤵
        
        PID:10980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
        10⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        9⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        8⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
        7⤵
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        6⤵
        
        PID:3372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        5⤵
        Program crash
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        6⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62514.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
        10⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27134.exe
        11⤵
        
        PID:11172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 204
        11⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 220
        10⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        6⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16988.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61523.exe
        8⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 240
        9⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        7⤵
        
        PID:3156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        6⤵
        Program crash
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        5⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        6⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27616.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        8⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        9⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        10⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
        10⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
        9⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        8⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 216
        7⤵
        
        PID:6276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
        6⤵
        
        PID:4740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        5⤵
        Program crash
        
        PID:2672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
      4⤵
      Program crash
      PID:2980
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
  2⤵
  - Program crash
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe

Filesize
184KB

MD5
9a41105515d2a2710dda3e9a8ac2df00

SHA1
3d45060bee72a6e04ac339e3a2097f8d8feebdd6

SHA256
07607e24bdf51b7db4f3d196d7363d232afc4ca036bdd72476f55d9538cc139d

SHA512
332da6e1cd735fe4fb6e65fd44733109db6249bd33c4d3d232fcf63306b9636aff586506c454b8792570031d39ad5ebe4a1d2726692d1ca173b256b3e7531f4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1492.exe

Filesize
184KB

MD5
a596f97ed94a032da3fa97a9d35a0512

SHA1
a21d4ba6838e255d7f7b654ef0619a9da13ef9d8

SHA256
59c58c26fbf3b326e7ad0a0894c187529a124d87bb0de9cb76288da58f25666d

SHA512
145b216ee10fc9fff35a26f102f45f6d87ed4f0092183e7da2d44c74e7ec513ba9a02a72f156a3c3e6ada966bd686586e0409b4d718da374e980a6df726be32f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe

Filesize
184KB

MD5
eadc02444ddbe3176c8dabfa112a7d06

SHA1
cefb7cfcb8649104d9e5eee81ef3bc672b68241f

SHA256
12d64d695c71aa2f30231ed04814514540f0245517bac3736ddda59e04fc8d9e

SHA512
21060c70cc770454cd4e44bb62927614d31eddf7a492bc547a73843426c78580d16b6ba3421b13d81ad81e94972cd73bdbf07878f2fee61d78a1b510120f0ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe

Filesize
184KB

MD5
7e15ad33c3b476c322797a40746fed37

SHA1
5d842539bb5d4070831726cb93eb1b16cd38d3ac

SHA256
56f43c2b664875376a3a9edcc21ba2c9571ce72d745c4deb594d1a4d3fc8e1ea

SHA512
7ec550b1f7bb192943180f5cc0abefd89005a927fe2875d44139482a2da15b5a0b3028bad2f0e268f2a0d64ee7560d60e5300830a1ff439efa48325a27326319

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46305.exe

Filesize
184KB

MD5
109799d021b1e95d85567c4e073412b9

SHA1
4776883009c2bacdad3085e730d6e7e4880abadd

SHA256
e1d527e87846195713f38d925cd810108a6363858518394b181b8282f6df13ca

SHA512
9b86d4f22cf1fde9773534ff9d7e86f92ee52d1d8e847f50cef4f18765a8daededcd9c48d1c9faa1a27cdf7ac7ba87418e1f91d6163e0e065ef922172e125948

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe

Filesize
184KB

MD5
548e5c5fe8c254abcf10a65c5e5329e4

SHA1
ef78e414fce74f392a1ac002a83e16a2cc270b45

SHA256
0089228979f221790f2ed4fdcb4ddd6e4098738bed74f46ad0f3b3404e50e000

SHA512
b1ce415ade147c26aca3d531d8f1017ff4083f946288cfb47bc607fb73fa01a3fa95ed6e6fa213d25dcb7fbb4cd2df5caa740559a5e3c9c49c345d0767987ca8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63329.exe

Filesize
184KB

MD5
57423694ece8616ee012fb59c1383ea5

SHA1
27215c18784b46e6f8edcc2bd761cdd7815cca2f

SHA256
80f71162e28efd5cf9f88dc7931c7bf8e0b399b414492e84ea0702149093eff0

SHA512
c84aef791b1aedab71bfc9bbdb20b199aa6cfbfaa8f00d6081a4325b037f50206bd235bdf622353871f8d704aa8e55ff1d928ec815026f09c207533f9950befe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe

Filesize
184KB

MD5
9149e1c7e07503883553c98561184a54

SHA1
ba838c11d5716c199e25c3b4a8eda9cb93290021

SHA256
e2a040d6c7131c1756c81f84895a9bc5e3cd755aa6203ae6015451f5ded0a8ed

SHA512
dd80f2edb62c4302cbbf1a5f1b196a1b114cc8607c3970368fbc753f3950ef455e6d4fffe5ae74c671dc0870f7b2e95a1e49a1ecd0a2677519609c280177a32b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12900.exe

Filesize
184KB

MD5
2c58e3f63e768a4ed0ceef586aca969c

SHA1
58aa216dfc1f4dc54e8147a5e7379f996cd54c93

SHA256
69a5fcfb8139a191db4952783cc792c00f7c5920350e4cb09e5e74b2744f7b2f

SHA512
4251b707461ab0a0c9c4f4f77388cbaea2a8d886dd1501e616403b25cbb0069ac5c1c340b4084bf0b327d7b2d56e56fdc906e724e34ae5be7381ba69f2b1cd64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe

Filesize
184KB

MD5
71a113d86968c161de53f1e2f5f26724

SHA1
f2172104b16274a306d340c2400ea6bf61d608ab

SHA256
2f598c7173e440d398f10e406a28da8c897f053ecb70bbff716b12ee05fafd3e

SHA512
744e4b18c6c45406042039d108af86e1bddf60e800aba41b59ede97b97da6a613b4dc868580964cbf43a3b9b0f2c1fca69f3753aabec1e70866b3f93d86d3162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe

Filesize
184KB

MD5
2758298cc0f1e4c301bbb7af04708f1b

SHA1
a682bc649fb5fc728702ac130d88ae83d02f899a

SHA256
3be420392bf6141955640bcedd77cb2b37b1b87d494ba490d5d6985d93a7baf0

SHA512
a67a1c8f9a02830c230fa4e22b0d42c2767066aaadd30ed10c4c5311c110c0abfc8a5afc5e7d3b14ee121f7f1bbd2367b3c6e9f0a2a5c15bf028d8ce49046341

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe

Filesize
184KB

MD5
d63aca6ce8979e9b9ab65d482408a74b

SHA1
b96cd3a649aeebdf81f8889944c7251cb6569dcf

SHA256
7cba7436a4562f7a37151818d061f376c8caafc47b0cdc860bcd5e3839181b78

SHA512
8a1a80d9da4358dc3ebc0de935282aed259fe46a64942ec7b3433612fd9d603d204e7be67c7b259fd6819371537c5fdd07cb4a9381538cc52efe73705064c3ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe

Filesize
184KB

MD5
823e67b3b8d29068dcd89a8bb04822b1

SHA1
b60e67f93f06bfe0679f8e0611bcbfda18367210

SHA256
fa7ad29a197b5ea32527db2b36d8ef6e9bf7df818eaa4b5dc86f0cda08003afd

SHA512
b78d7bb11788d6fe5a3cf689c6ff21aed5f767930a8ece9c72c37b4279539dd3c2496c47dbf4e6cf60c8da77dbcc7869f6eac5e91ac4cd0e875af5bb24025283

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33970.exe

Filesize
184KB

MD5
f0fceaed5113f180b09261b518a79ce0

SHA1
9886213fdd8dc8a788d4032117b12a9c714ca757

SHA256
76dac2274a44e282d5fd627521d64e7eaa8de85e3dc5ab068d5e5427808d93d1

SHA512
806fbd285096f8edbfe2fbac7a814910e5e236cab77330e85ebf5cbfb8e8510e9609c8200a74017429d80892d5165b78466d011fe8916c70cc93fa2ea8cef9be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe

Filesize
184KB

MD5
ebffd52459213a7912a9a6c69baddfaa

SHA1
b872a3971667347ae5b4ef809682819c63cd0f09

SHA256
f9a66916eb0a50b2634afbb539e7d7f5f9a12fa37bdd0766e772cec08c51fffc

SHA512
3995e1df50144050f19265606ec0204d2f40fc530e9a98cb7bef972e2c48ec7d711ae8ca96a938f69d5470a1988764a04b7b2b3c862d193e81f704cd7cd9bfbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47208.exe

Filesize
184KB

MD5
3c47b0b4caa38200fc0ae54de859f1c9

SHA1
f9213b4bd6f20b17c27ef903d5224d78874ff2cf

SHA256
86c576f5921d8f99b2c1f5ce9b5d7ddcd036ef7ecfd46cb100e97f106eb06c8d

SHA512
928f3c9d0bd4f9bf8d34b38ecdd3a3d0ef159b469d5d91ebd1f24bed4dd9d2958dbf10574cddaed5cf90e75ec6b88968f7a494e1a76b1e6c98c4ceddc79bcdaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe

Filesize
184KB

MD5
9402e28e790024cfc208750d3c617160

SHA1
a7e96afa9d55fe5f4c6a0fdce1239cf5bd322536

SHA256
9a5f2f498ccee2bb8a4c05dbaa4044094d853b0cada1f581daa7d9e27835ca2c

SHA512
89926ae2bbd03e55e16bda7f01c72559642a1100cdf4476244b6dc944fd26b011013442b7ee6199233326c746e34e1a2c5d4c84f181caab092e7931abe1c1f49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe

Filesize
184KB

MD5
c2036ebb87542915565916e250951a79

SHA1
c897a42efab8d3222aa0fcbf3aec58dfb57361cc

SHA256
67905deaad4c4d65200f2dc88c8eeb1fd3e0e3f61c6e2f31ab82cbec19a77fe1

SHA512
44361c3c786911020392be92319ec7b1a6abbb65c1f2f439173386e862f6212084bdfd98fed44511729b4f6f20d09f1c72baa48fdb9dcae02f983205334a7aba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62153.exe

Filesize
184KB

MD5
6e15d44f50b580781e7156db756b8043

SHA1
655636e777ad93ea682e51a2d6ba24d7370641a4

SHA256
6391f5d32e68f649de031f3341ceea2a1ddf5c5606bcf729352b0ab3dc0618b2

SHA512
ee4ed70b31c39cb6cbb382b2a3ae51887624e59dd7b779d81e8fb336f89af0dd67fc775487e340992136eb6c9e33f9668d47679cb68d58f7c1ca6e7626dd958a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads