c0f0c672fce3447c7858bf8a2c98f702dc06c1cd18212396107409d622b1c0d7

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
Size

184KB
MD5

5a16a1683c014264efd6d7a6d9cded40
SHA1

46e170a753fa49f228d4b7ba18796c7932a52693
SHA256

c0f0c672fce3447c7858bf8a2c98f702dc06c1cd18212396107409d622b1c0d7
SHA512

f47b316f1ea25984adb59f1d878bbfdff2a9a4a7b55a0f6c75def28aa1118dbc3364b4aef23ff335be47da454c3b57aee7f41eec4e18740545a732a1d92c64c9
SSDEEP

3072:psMnmUoT2dDhdkjYesu8OxpAIK0OfXJagvBfO5qe7bWhlnVOFVnT:psmoIvkjD8upAIf2FBhlnVOFV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2884	Unicorn-27394.exe
2984	Unicorn-12562.exe
2964	Unicorn-7772.exe
2524	Unicorn-4275.exe
2388	Unicorn-65406.exe
2632	Unicorn-20804.exe
1200	Unicorn-55173.exe
1028	Unicorn-18971.exe
1008	Unicorn-61525.exe
2428	Unicorn-29538.exe
2684	Unicorn-26200.exe
832	Unicorn-14597.exe
2272	Unicorn-27596.exe
1488	Unicorn-63222.exe
2080	Unicorn-14706.exe
2220	Unicorn-10300.exe
524	Unicorn-47379.exe
2552	Unicorn-17011.exe
2200	Unicorn-30009.exe
1468	Unicorn-17917.exe
708	Unicorn-17917.exe
980	Unicorn-30915.exe
1828	Unicorn-1388.exe
1212	Unicorn-14387.exe
2256	Unicorn-33869.exe
1760	Unicorn-49556.exe
1900	Unicorn-20221.exe
2208	Unicorn-20029.exe
880	Unicorn-16691.exe
3004	Unicorn-1663.exe
2444	Unicorn-50672.exe
2852	Unicorn-51092.exe
2600	Unicorn-43900.exe
2416	Unicorn-23842.exe
2424	Unicorn-27372.exe
2312	Unicorn-26111.exe
2736	Unicorn-39986.exe
2340	Unicorn-62182.exe
764	Unicorn-65327.exe
2668	Unicorn-15935.exe
2588	Unicorn-48223.exe
1756	Unicorn-449.exe
948	Unicorn-33999.exe
2152	Unicorn-12872.exe
1668	Unicorn-63142.exe
1492	Unicorn-29400.exe
936	Unicorn-12680.exe
2720	Unicorn-49074.exe
2012	Unicorn-32546.exe
2276	Unicorn-61689.exe
2016	Unicorn-16018.exe
2888	Unicorn-65.exe
2952	Unicorn-49266.exe
3008	Unicorn-24814.exe
2848	Unicorn-4564.exe
2676	Unicorn-20132.exe
1624	Unicorn-25473.exe
1440	Unicorn-42302.exe
2140	Unicorn-22436.exe
1316	Unicorn-21175.exe
2116	Unicorn-7792.exe
1580	Unicorn-53272.exe
928	Unicorn-60200.exe
632	Unicorn-45831.exe

Loads dropped DLL 64 IoCs

pid	Process
2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
2884	Unicorn-27394.exe
2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
2884	Unicorn-27394.exe
2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
2984	Unicorn-12562.exe
2984	Unicorn-12562.exe
2884	Unicorn-27394.exe
2884	Unicorn-27394.exe
2964	Unicorn-7772.exe
2964	Unicorn-7772.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2524	Unicorn-4275.exe
2984	Unicorn-12562.exe
2524	Unicorn-4275.exe
2984	Unicorn-12562.exe
2388	Unicorn-65406.exe
2388	Unicorn-65406.exe
2632	Unicorn-20804.exe
2632	Unicorn-20804.exe
2964	Unicorn-7772.exe
2964	Unicorn-7772.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
944	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
944	WerFault.exe
1200	Unicorn-55173.exe
1200	Unicorn-55173.exe
2524	Unicorn-4275.exe
2524	Unicorn-4275.exe
1028	Unicorn-18971.exe
1028	Unicorn-18971.exe
1008	Unicorn-61525.exe
1008	Unicorn-61525.exe
2388	Unicorn-65406.exe
2388	Unicorn-65406.exe
2684	Unicorn-26200.exe
2684	Unicorn-26200.exe
2428	Unicorn-29538.exe
2428	Unicorn-29538.exe
2632	Unicorn-20804.exe
2632	Unicorn-20804.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2944	WerFault.exe
2944	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2520	2648	WerFault.exe	27
2820	2884	WerFault.exe	28
944	2984	WerFault.exe	29
1676	2964	WerFault.exe	30
2936	2524	WerFault.exe	32
2120	2388	WerFault.exe	33
2944	2632	WerFault.exe	34
2612	1200	WerFault.exe	36
2100	1028	WerFault.exe	37
2624	1008	WerFault.exe	38
2460	2684	WerFault.exe	40
2372	2428	WerFault.exe	39
900	2272	WerFault.exe	44
3024	1488	WerFault.exe	45
2204	2220	WerFault.exe	47
1720	524	WerFault.exe	48
2180	832	WerFault.exe	43
2748	2200	WerFault.exe	50
2856	2552	WerFault.exe	49
2688	2080	WerFault.exe	46
2528	764	WerFault.exe	80
2540	1756	WerFault.exe	83
2988	1468	WerFault.exe	55
1412	980	WerFault.exe	56
2248	1212	WerFault.exe	58
3036	1760	WerFault.exe	61
2500	2208	WerFault.exe	63
2172	1828	WerFault.exe	57
1272	3004	WerFault.exe	66
1768	2588	WerFault.exe	82
1388	2312	WerFault.exe	78
2464	880	WerFault.exe	64
1476	2852	WerFault.exe	68
1084	2276	WerFault.exe	92
776	1668	WerFault.exe	86
1288	2444	WerFault.exe	67
2004	2340	WerFault.exe	79
3164	2424	WerFault.exe	76
3188	2256	WerFault.exe	60
3216	1492	WerFault.exe	87
3264	2016	WerFault.exe	91
3556	2848	WerFault.exe	103
3696	1900	WerFault.exe	62
3704	2720	WerFault.exe	90
4072	3008	WerFault.exe	102
3240	948	WerFault.exe	84
3252	928	WerFault.exe	114
3304	708	WerFault.exe	54
3344	2152	WerFault.exe	85
3396	2888	WerFault.exe	93
3424	2012	WerFault.exe	89
3460	936	WerFault.exe	88
3468	2952	WerFault.exe	94
3544	2416	WerFault.exe	75
3828	2600	WerFault.exe	74
3904	2668	WerFault.exe	81
3924	1580	WerFault.exe	113
3932	2140	WerFault.exe	109
3812	1316	WerFault.exe	110
3836	2244	WerFault.exe	116
3900	2736	WerFault.exe	77
4052	2308	WerFault.exe	124
4084	2116	WerFault.exe	111
3148	1652	WerFault.exe	152

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
2884	Unicorn-27394.exe
2984	Unicorn-12562.exe
2964	Unicorn-7772.exe
2524	Unicorn-4275.exe
2388	Unicorn-65406.exe
2632	Unicorn-20804.exe
1200	Unicorn-55173.exe
1028	Unicorn-18971.exe
2428	Unicorn-29538.exe
1008	Unicorn-61525.exe
2684	Unicorn-26200.exe
832	Unicorn-14597.exe
2272	Unicorn-27596.exe
1488	Unicorn-63222.exe
2080	Unicorn-14706.exe
2220	Unicorn-10300.exe
524	Unicorn-47379.exe
2552	Unicorn-17011.exe
2200	Unicorn-30009.exe
708	Unicorn-17917.exe
980	Unicorn-30915.exe
1468	Unicorn-17917.exe
1828	Unicorn-1388.exe
1212	Unicorn-14387.exe
2256	Unicorn-33869.exe
2208	Unicorn-20029.exe
1760	Unicorn-49556.exe
880	Unicorn-16691.exe
1900	Unicorn-20221.exe
3004	Unicorn-1663.exe
2444	Unicorn-50672.exe
2852	Unicorn-51092.exe
2600	Unicorn-43900.exe
2312	Unicorn-26111.exe
2416	Unicorn-23842.exe
2424	Unicorn-27372.exe
2736	Unicorn-39986.exe
2340	Unicorn-62182.exe
764	Unicorn-65327.exe
2668	Unicorn-15935.exe
2588	Unicorn-48223.exe
1756	Unicorn-449.exe
948	Unicorn-33999.exe
1668	Unicorn-63142.exe
2152	Unicorn-12872.exe
936	Unicorn-12680.exe
1492	Unicorn-29400.exe
2012	Unicorn-32546.exe
2276	Unicorn-61689.exe
2016	Unicorn-16018.exe
2888	Unicorn-65.exe
2952	Unicorn-49266.exe
2720	Unicorn-49074.exe
3008	Unicorn-24814.exe
2848	Unicorn-4564.exe
2676	Unicorn-20132.exe
1624	Unicorn-25473.exe
1440	Unicorn-42302.exe
2140	Unicorn-22436.exe
1316	Unicorn-21175.exe
2116	Unicorn-7792.exe
1580	Unicorn-53272.exe
928	Unicorn-60200.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2884	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2884	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2884	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	28
PID 2648 wrote to memory of 2884	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	28
PID 2884 wrote to memory of 2984	2884	Unicorn-27394.exe	29
PID 2884 wrote to memory of 2984	2884	Unicorn-27394.exe	29
PID 2884 wrote to memory of 2984	2884	Unicorn-27394.exe	29
PID 2884 wrote to memory of 2984	2884	Unicorn-27394.exe	29
PID 2648 wrote to memory of 2964	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	30
PID 2648 wrote to memory of 2964	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	30
PID 2648 wrote to memory of 2964	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	30
PID 2648 wrote to memory of 2964	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	30
PID 2648 wrote to memory of 2520	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	31
PID 2648 wrote to memory of 2520	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	31
PID 2648 wrote to memory of 2520	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	31
PID 2648 wrote to memory of 2520	2648	5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe	31
PID 2984 wrote to memory of 2524	2984	Unicorn-12562.exe	32
PID 2984 wrote to memory of 2524	2984	Unicorn-12562.exe	32
PID 2984 wrote to memory of 2524	2984	Unicorn-12562.exe	32
PID 2984 wrote to memory of 2524	2984	Unicorn-12562.exe	32
PID 2884 wrote to memory of 2388	2884	Unicorn-27394.exe	33
PID 2884 wrote to memory of 2388	2884	Unicorn-27394.exe	33
PID 2884 wrote to memory of 2388	2884	Unicorn-27394.exe	33
PID 2884 wrote to memory of 2388	2884	Unicorn-27394.exe	33
PID 2964 wrote to memory of 2632	2964	Unicorn-7772.exe	34
PID 2964 wrote to memory of 2632	2964	Unicorn-7772.exe	34
PID 2964 wrote to memory of 2632	2964	Unicorn-7772.exe	34
PID 2964 wrote to memory of 2632	2964	Unicorn-7772.exe	34
PID 2884 wrote to memory of 2820	2884	Unicorn-27394.exe	35
PID 2884 wrote to memory of 2820	2884	Unicorn-27394.exe	35
PID 2884 wrote to memory of 2820	2884	Unicorn-27394.exe	35
PID 2884 wrote to memory of 2820	2884	Unicorn-27394.exe	35
PID 2524 wrote to memory of 1200	2524	Unicorn-4275.exe	36
PID 2524 wrote to memory of 1200	2524	Unicorn-4275.exe	36
PID 2524 wrote to memory of 1200	2524	Unicorn-4275.exe	36
PID 2524 wrote to memory of 1200	2524	Unicorn-4275.exe	36
PID 2984 wrote to memory of 1028	2984	Unicorn-12562.exe	37
PID 2984 wrote to memory of 1028	2984	Unicorn-12562.exe	37
PID 2984 wrote to memory of 1028	2984	Unicorn-12562.exe	37
PID 2984 wrote to memory of 1028	2984	Unicorn-12562.exe	37
PID 2388 wrote to memory of 1008	2388	Unicorn-65406.exe	38
PID 2388 wrote to memory of 1008	2388	Unicorn-65406.exe	38
PID 2388 wrote to memory of 1008	2388	Unicorn-65406.exe	38
PID 2388 wrote to memory of 1008	2388	Unicorn-65406.exe	38
PID 2632 wrote to memory of 2428	2632	Unicorn-20804.exe	39
PID 2632 wrote to memory of 2428	2632	Unicorn-20804.exe	39
PID 2632 wrote to memory of 2428	2632	Unicorn-20804.exe	39
PID 2632 wrote to memory of 2428	2632	Unicorn-20804.exe	39
PID 2964 wrote to memory of 2684	2964	Unicorn-7772.exe	40
PID 2964 wrote to memory of 2684	2964	Unicorn-7772.exe	40
PID 2964 wrote to memory of 2684	2964	Unicorn-7772.exe	40
PID 2964 wrote to memory of 2684	2964	Unicorn-7772.exe	40
PID 2984 wrote to memory of 944	2984	Unicorn-12562.exe	41
PID 2984 wrote to memory of 944	2984	Unicorn-12562.exe	41
PID 2984 wrote to memory of 944	2984	Unicorn-12562.exe	41
PID 2984 wrote to memory of 944	2984	Unicorn-12562.exe	41
PID 2964 wrote to memory of 1676	2964	Unicorn-7772.exe	42
PID 2964 wrote to memory of 1676	2964	Unicorn-7772.exe	42
PID 2964 wrote to memory of 1676	2964	Unicorn-7772.exe	42
PID 2964 wrote to memory of 1676	2964	Unicorn-7772.exe	42
PID 1200 wrote to memory of 832	1200	Unicorn-55173.exe	43
PID 1200 wrote to memory of 832	1200	Unicorn-55173.exe	43
PID 1200 wrote to memory of 832	1200	Unicorn-55173.exe	43
PID 1200 wrote to memory of 832	1200	Unicorn-55173.exe	43

C:\Users\Admin\AppData\Local\Temp\5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5a16a1683c014264efd6d7a6d9cded40_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
        12⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        13⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        14⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 236
        14⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
        13⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        12⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        11⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        10⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1814.exe
        9⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52799.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
        11⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        12⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
        13⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
        13⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
        10⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        9⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37933.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
        10⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        11⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        12⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        13⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        14⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 236
        13⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
        12⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        11⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        10⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
        9⤵
        Program crash
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        8⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45871.exe
        9⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64287.exe
        10⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
        11⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36508.exe
        12⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        12⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        11⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
        10⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        9⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
        8⤵
        Program crash
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 220
        7⤵
        Program crash
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        8⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        10⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
        11⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7396.exe
        12⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
        13⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        12⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        11⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 216
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        8⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
        9⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        11⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37109.exe
        12⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        11⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        8⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        7⤵
        Program crash
        
        PID:1412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        6⤵
        Program crash
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15353.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        9⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17818.exe
        10⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        11⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
        12⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        13⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 236
        13⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        11⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        10⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
        9⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
        9⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        10⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        11⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        11⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        9⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
        8⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
        7⤵
        Program crash
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15655.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45233.exe
        9⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        10⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        12⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
        9⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22957.exe
        9⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14168.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59402.exe
        11⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
        11⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 236
        10⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        8⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        Program crash
        
        PID:3900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        6⤵
        Program crash
        
        PID:900
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        10⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        11⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11327.exe
        12⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65014.exe
        13⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        14⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        14⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        13⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        12⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        11⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        10⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49647.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
        11⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
        12⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        12⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 212
        12⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        10⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 220
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        9⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        11⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        12⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64296.exe
        13⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        12⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        11⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        10⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        9⤵
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        8⤵
        Program crash
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        8⤵
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        9⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
        8⤵
        Program crash
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        7⤵
        Program crash
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
        9⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42812.exe
        12⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        11⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
        9⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
        8⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        7⤵
        Program crash
        
        PID:2004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        6⤵
        Program crash
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17877.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
        13⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        13⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        10⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        8⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        10⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        11⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34577.exe
        12⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 236
        11⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        9⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50558.exe
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 220
        11⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 236
        10⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
        8⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        Program crash
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55395.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43230.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        9⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35437.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        11⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
        11⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        10⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        9⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 216
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        6⤵
        Program crash
        
        PID:2248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        5⤵
        Program crash
        
        PID:2100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        10⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5905.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23306.exe
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
        12⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
        11⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        10⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10864.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        9⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25765.exe
        10⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
        11⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        12⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        11⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        Program crash
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
        11⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27483.exe
        12⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:7148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        8⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        7⤵
        Program crash
        
        PID:3216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        10⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49879.exe
        11⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61794.exe
        12⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        12⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        11⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        10⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        8⤵
        Program crash
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        7⤵
        Program crash
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55587.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        8⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        9⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20004.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10154.exe
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        11⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
        10⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
        9⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        8⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        7⤵
        Program crash
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        6⤵
        Program crash
        
        PID:3036
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
        5⤵
        Program crash
        
        PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6130.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41184.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 220
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
        9⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
        8⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        7⤵
        Program crash
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61409.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14822.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45003.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        9⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62890.exe
        11⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
        10⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        8⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
        7⤵
        
        PID:4576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        6⤵
        Program crash
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        6⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        9⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
        10⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        11⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
        7⤵
        
        PID:4416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        6⤵
        Program crash
        
        PID:776
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        5⤵
        Program crash
        
        PID:2204
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19250.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        12⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        10⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        9⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        Program crash
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
        7⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15507.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40213.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        10⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        11⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        12⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        10⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        8⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        7⤵
        Program crash
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        7⤵
        Executes dropped EXE
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
        11⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29208.exe
        12⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        13⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        12⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
        10⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38210.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        10⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        11⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        12⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        7⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        12⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        11⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        7⤵
        Program crash
        
        PID:1084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        6⤵
        Program crash
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        9⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        10⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
        12⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 220
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 216
        8⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
        7⤵
        Program crash
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51508.exe
        6⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        8⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        11⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
        10⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
        8⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        7⤵
        
        PID:3788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        6⤵
        Program crash
        
        PID:1476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        5⤵
        Program crash
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2913.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62328.exe
        10⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
        11⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
        11⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:6948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
        8⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        7⤵
        Program crash
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10096.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30156.exe
        8⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1649.exe
        9⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10001.exe
        10⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62210.exe
        11⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        10⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        9⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        8⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        7⤵
        
        PID:3768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        6⤵
        Program crash
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61439.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
        9⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        10⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        10⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        9⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        8⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 236
        7⤵
        
        PID:4852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 216
        6⤵
        Program crash
        
        PID:3460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        5⤵
        Program crash
        
        PID:2748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47379.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        7⤵
        Program crash
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        7⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25315.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        10⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24074.exe
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        11⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        10⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 216
        8⤵
        
        PID:4404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
        7⤵
        Program crash
        
        PID:3252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        6⤵
        Program crash
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15738.exe
        6⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28003.exe
        8⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4617.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
        10⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
        11⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        11⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        10⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        8⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 216
        7⤵
        
        PID:4888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        6⤵
        Program crash
        
        PID:3344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 240
        5⤵
        Program crash
        
        PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        6⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        8⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        9⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        11⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        10⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        8⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
        7⤵
        
        PID:4232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
        6⤵
        Program crash
        
        PID:3264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        5⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-830.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7892.exe
        8⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        9⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
        10⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        9⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        8⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        7⤵
        
        PID:5852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        6⤵
        
        PID:4316
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        5⤵
        Program crash
        
        PID:2464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
      4⤵
      Program crash
      PID:2460
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1676
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
  2⤵
  - Program crash
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe

Filesize
184KB

MD5
b404948b9b5d945dadea2a61e64cd055

SHA1
fbc4d3dc50eefa4d3c7abe3d8aa47e1157338477

SHA256
41e2f8517ccb88b1081fded01e0a075743e07ed6f47be1c40d2c0c246bc1a10a

SHA512
64d13971cd6e53d69ffc5dfeb2be45f8c2e2bee841202450cd99ea2f9b2256b99da9697cf11004aad058199260ef1bca1a34c3b347d9f04bff49a70918db82b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe

Filesize
184KB

MD5
5f7c77e51d6890e30155c24dc5fac9a8

SHA1
aff0e8c4b291d64d0f0912e05866115ec0654620

SHA256
dcf0a04089d812a380fc4165e2f45a7f99dcd65a42f02864dae19f4f8540d51f

SHA512
8f53c33fd4bcb93505749e17fb6ef3f176c60628d92439b361a45a67081f1a8d85e1d2cd1e5f0c3f9477750c8063dee82f2e126cea2193f9249de44a50570f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22192.exe

Filesize
184KB

MD5
89fc716acb153a97cc6c67b817d3c0cf

SHA1
3b2a5d57d99b1a624d87a7f59435c5e0242bf22f

SHA256
b1096e69546d89831b8e6d4790682c9a2d158044e0a59b53451137b892d753e9

SHA512
212882fd82fa7ce8794cbf63a64fd7e2214dacd90977ab2e9af592f744620d274bad5fe5193bfe5d3f38443b612df1ba454809d1f300395e9423e03032b306d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26200.exe

Filesize
184KB

MD5
4455e0f55696784c9054739e15b04c4b

SHA1
8bbd1fe0be4cf47d867eb9225ccb14c2da39db52

SHA256
85d04c1e6393e709d3971a0c9f55bd5a2ef69bcfe6c33453856f486c3e027031

SHA512
bcd7e48fa0030a5610d7f71652e4c64d35898ec1a86df27aae270ef257f65dda2de72568d38ad7108fb0eb3a2c5fbee1f0b21a08cc947cbda26b81e7050abfa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe

Filesize
184KB

MD5
2b952c8e7ecff73bf1bd1b2b2b1ba8b3

SHA1
a649226a8fb45d7821b08492eb542ca4d446d49d

SHA256
96ad58a877388be02b737d934571098f1e0bf819f6890530b34bea93e76ec341

SHA512
d8d85166cde2f4f04cc3bb8cedc477ed5e3db68a35562c07ad6d42929f6d7ea87298fcf34a90352038644628a73e011a707d312b168fd2d3a68806d940ce3b15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe

Filesize
184KB

MD5
2d35c10104d49a4d8a197cc12b4810a0

SHA1
502b65a0dc93049f2403f7064524536b85975c21

SHA256
a679c15447a2ae1bf0db091f19a26f77f592aa58ad5d93b390c61a21e7348832

SHA512
d594a06632ed960433b805113490e870d308ab798943b9591f49005688ad7cca95636bec08ebe027e7814538db0e76f7b7f314a5f24e8f3975262648d07d08cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe

Filesize
184KB

MD5
17d04355f4e7c46d0fcf75048a7d266d

SHA1
f8ee63462b47b1f5570cd34c0513a9d50f3d2779

SHA256
59d15a7d86eec68be2bd85c359824cd26190a3dab64faec6e4880214c126f3ac

SHA512
5aaede267a3678f8039eea1b3556694e3784da728438168f2f9bbc556642036a60549261abb4b0364bec665175947d72676f679c88424155f5c6f9badc872080

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe

Filesize
184KB

MD5
4ba8452b0b5b8ff26ce213b5a7e3b107

SHA1
f05a96d2a3cf25e4b91462b97bf6e043e947342a

SHA256
cb79e2fc822bceb2694289a980c6f8365054e04de83842878bcb98530ae4325d

SHA512
9a1cf513b20a3e8d9c96f17eef65f7d7d0d6007efa7aca988b0115bff37a036ae94d14b8f154ddde8d02bfff07601bb54395cfbae5cad39f84923d44f1e31470

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe

Filesize
184KB

MD5
33d6af4e0d2bfd3ae8092ed74f660a21

SHA1
48444eebb7a007d9bb76e909297d0479d148fef4

SHA256
4ba3d1f49df1dd26b1fb40bee58cdc42e647ad657a22c4cfe9dd8c17bf1c27c5

SHA512
c385557ce183c39c6ea86914f7d5685490080654ae9199e19337af545ff051a1623d090abd061dcb2b3a4c03c2b15a26850a810391cfe9a6cc4f1476bfaaf7cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe

Filesize
184KB

MD5
b52e108c5158b0787421f75bf1322850

SHA1
4d07ec3af0b963381b6596571bce3e12d30fd4d1

SHA256
d714400a8196a64f778d479ce07900684f837eee72a9270fad64b56d61bdbc22

SHA512
c2890bdae287ad823ec3acf75f36913096c292b5646b96efbd615f336b1bf2fef3659af403e617ce20448b5e631f921bbecb7edbb789978f56e4523719e985b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe

Filesize
184KB

MD5
70484a93e34bc55757569cd1d049503a

SHA1
79d70856cb83c61055bb784ecc8a4211092cb489

SHA256
f75ed9c64c6cb22079923b28c9c28b81beda57600786bada0859659cda3e2e5f

SHA512
1dd71b1903c82e25a05dd202f293d9c26b336e334ab677b2fbdbb8169655a68ad9a75ad34ff0188106ab9c0512dea5c535db447a7b84e71326993a5a06dc40ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe

Filesize
184KB

MD5
4bd7b864811a75fc759875d43e22dfbe

SHA1
56cf6b1602087d8c19fc3e42db54272d83404269

SHA256
2dcb4a23371f836595ef6687af9d7356cd97df3b930e6080eb98a882f9ab82ad

SHA512
cc81bd5f783c17311a9b8217da04860d461c709d3e7784b4ff978aae1c0e482ef687a852ef6168446006351794278999241b59e557d92199524aca873c11cdf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe

Filesize
184KB

MD5
a3cad3c50b53befef25435c82833bf29

SHA1
f73e1b8a29feab9f759e6d59fff8565ffa6bb2e0

SHA256
a7c3e5ecd6cd5896609413c44c07d9c20f99b09d51e13ae38f34787955367c00

SHA512
09592b482ff00a7fb98bc9eb4cc40d327b6a7ccd76e833bf075d066451ee77800376da66a52e873bf69aba0ea3dfba470cd6b5bad0a8e582338f6198653a5ba5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe

Filesize
184KB

MD5
05a1bc73b827ecd9e1f2bd555702d149

SHA1
70c5510b18f05b307ef46fe074efb44c9b374cda

SHA256
48f418aaf12e04a3d955ddf2cdfb0ef3c72daee82dbdcdfdfc1ba19967ba507d

SHA512
ede7a24a0e6809879f87480899312cd2003be6362f8eb53056839fe03edb827f0b00929cdfb72ace12239dece46b536ba7a0fd7d0e4cf8c8c5b803481474b85e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe

Filesize
184KB

MD5
627813483025015919ba5427d8439853

SHA1
89fb75136a4103d4c418cc356e63cec77582398e

SHA256
f033f9dd05f976f98888b5485946100978af3167ac5a477268422fd3ed0f1932

SHA512
4c08e2df302d6891bee78f57a51cfb212385e5a65ffee0927f0a47f8605e49bcfe5b2f45716894e44edd58209d006daa111b5fad1d65374553318f448c6bdbe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe

Filesize
184KB

MD5
934fd7adf61dbb5ca9c36d6745cc4a83

SHA1
dd0070e94bf6e6b9bd35fdf193b743ffcdabedce

SHA256
44d19b8ef0c53baae74618a3bc20ab24cfde02e132714fb0c48b500a5c90b943

SHA512
caf834ac39a2ec83e3d6501e0b9a41663ef8b0ecc02e8666c64c4aa353c681945f5c6328413743490aed9547232037eee83307a2520e4c0bc0ecb2190683d0c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63222.exe

Filesize
184KB

MD5
63473fded20a1533e9221e6307c76547

SHA1
48192c6c36d1178996706d2112d39f5fa6c1bcb6

SHA256
aa602a6af58006ab2678d6508ae6a2a970ed51b261f16cbbe99c1da2280a612c

SHA512
e9787fc3908ebfc62a2e6f64ed676597f045975b3ba5fa49ec2be8671a109611c40634d9c6caeba73bbac23b934d1e52d4651f00f8cce3a78a622573b3a58f91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe

Filesize
184KB

MD5
1102397a9da99ea95775378fb3e9862c

SHA1
097f9ebb3beb10ca3921439ff7286b9590eac189

SHA256
b863cec2c5b3f2c50e3f0bdf3e568105796ac59f303dc2d0c13b734cf6b23358

SHA512
b5b56ea8d62768835fcafe352cf3c57e07eef166794cb6be2e31ae871db371fdff7d478357407097b9a123eb6a9bd9027a8020e01a7bcedbab0cc2d644db976b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7772.exe

Filesize
184KB

MD5
3095689d0d329168e05f45b0a1ab69d1

SHA1
56bd34e523a4a8278a5a486cc6a6b5566976c4e7

SHA256
0b3e3296a1cf49ee9c8941bd6068067d6fc4c13a9922543604d2e499218a751d

SHA512
a2f7e63cdd84183accfc316ecc741e766bc4f31aacde4b0e412b6a8115d19b882cb3cab183343db37c1f6f17eacedf93bbc229d89b4f7f4b953344eebcd3da95

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads