b01e6d0f24a4a3d2a125023e9739798e31103cbc2e07eb544666640f9d0b29f9

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
Size

184KB
MD5

25cea91fc4b388e1e7b3e499db267cd0
SHA1

152501a7519e4de413db28efbfb2ac431fa69eba
SHA256

b01e6d0f24a4a3d2a125023e9739798e31103cbc2e07eb544666640f9d0b29f9
SHA512

237eaff065d240763f2e21b5ce0a8585e4c475f12a71862f0cedf51a09ed86c4c2fe54d420f239dde5c263d62eb40bcac8e6c18f0d3f893f657465c4f40ef07b
SSDEEP

3072:OW9rYRofP8hOdFaWeOFLRVsKhlnViFbn3:OW8o2KFa4LjsKhlnViFb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1732	Unicorn-13178.exe
2616	Unicorn-49032.exe
2608	Unicorn-3360.exe
2192	Unicorn-56858.exe
2580	Unicorn-15826.exe
2464	Unicorn-61497.exe
2532	Unicorn-38872.exe
2788	Unicorn-60231.exe
1432	Unicorn-22920.exe
1664	Unicorn-14751.exe
1780	Unicorn-34849.exe
2020	Unicorn-32489.exe
3004	Unicorn-61824.exe
1932	Unicorn-65161.exe
2560	Unicorn-65353.exe
320	Unicorn-29151.exe
980	Unicorn-16537.exe
896	Unicorn-8176.exe
1808	Unicorn-45680.exe
2916	Unicorn-39391.exe
2128	Unicorn-39391.exe
1212	Unicorn-2997.exe
956	Unicorn-14694.exe
2112	Unicorn-44222.exe
688	Unicorn-2120.exe
1136	Unicorn-21986.exe
2124	Unicorn-40242.exe
2060	Unicorn-12208.exe
2072	Unicorn-24783.exe
1468	Unicorn-53049.exe
1420	Unicorn-7377.exe
2928	Unicorn-4191.exe
2216	Unicorn-25166.exe
2652	Unicorn-28696.exe
2856	Unicorn-59759.exe
2752	Unicorn-63288.exe
2520	Unicorn-63288.exe
2972	Unicorn-18726.exe
1508	Unicorn-38784.exe
2696	Unicorn-6303.exe
2712	Unicorn-63672.exe
2780	Unicorn-63672.exe
1592	Unicorn-27278.exe
1784	Unicorn-22640.exe
2116	Unicorn-52167.exe
1476	Unicorn-6495.exe
2288	Unicorn-26593.exe
2420	Unicorn-59910.exe
576	Unicorn-932.exe
744	Unicorn-36257.exe
1208	Unicorn-247.exe
768	Unicorn-3776.exe
2144	Unicorn-8415.exe
280	Unicorn-8415.exe
892	Unicorn-61337.exe
2120	Unicorn-59993.exe
1700	Unicorn-43465.exe
2260	Unicorn-15431.exe
1548	Unicorn-19153.exe
1492	Unicorn-48488.exe
2196	Unicorn-43657.exe
2592	Unicorn-35489.exe
2504	Unicorn-7455.exe
2640	Unicorn-56848.exe

Loads dropped DLL 64 IoCs

pid	Process
2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
1732	Unicorn-13178.exe
1732	Unicorn-13178.exe
2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
2616	Unicorn-49032.exe
2616	Unicorn-49032.exe
2608	Unicorn-3360.exe
1732	Unicorn-13178.exe
2608	Unicorn-3360.exe
1732	Unicorn-13178.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2192	Unicorn-56858.exe
2192	Unicorn-56858.exe
2616	Unicorn-49032.exe
2616	Unicorn-49032.exe
2464	Unicorn-61497.exe
2464	Unicorn-61497.exe
2580	Unicorn-15826.exe
2580	Unicorn-15826.exe
2608	Unicorn-3360.exe
2608	Unicorn-3360.exe
2388	WerFault.exe
2388	WerFault.exe
2388	WerFault.exe
2388	WerFault.exe
2388	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
2532	Unicorn-38872.exe
2532	Unicorn-38872.exe
2192	Unicorn-56858.exe
2192	Unicorn-56858.exe
2788	Unicorn-60231.exe
2788	Unicorn-60231.exe
1432	Unicorn-22920.exe
1432	Unicorn-22920.exe
2464	Unicorn-61497.exe
2464	Unicorn-61497.exe
1780	Unicorn-34849.exe
1780	Unicorn-34849.exe
1664	Unicorn-14751.exe
1664	Unicorn-14751.exe
2580	Unicorn-15826.exe
2580	Unicorn-15826.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
824	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2600	2248	WerFault.exe	27
2340	1732	WerFault.exe	28
2388	2616	WerFault.exe	30
1020	2608	WerFault.exe	29
316	2192	WerFault.exe	32
2344	2464	WerFault.exe	34
824	2580	WerFault.exe	33
1632	2532	WerFault.exe	36
2028	2788	WerFault.exe	37
3048	1432	WerFault.exe	38
2676	1780	WerFault.exe	40
2908	1664	WerFault.exe	39
1680	2020	WerFault.exe	43
2024	3004	WerFault.exe	44
2036	1932	WerFault.exe	45
1948	2560	WerFault.exe	46
2012	320	WerFault.exe	47
388	980	WerFault.exe	48
2844	896	WerFault.exe	49
2360	1808	WerFault.exe	50
1408	2128	WerFault.exe	54
1724	2916	WerFault.exe	55
2664	956	WerFault.exe	57
2924	1212	WerFault.exe	56
1968	2112	WerFault.exe	58
1588	2124	WerFault.exe	61
2244	688	WerFault.exe	59
1736	1136	WerFault.exe	60
2264	2072	WerFault.exe	63
2668	1468	WerFault.exe	64
2700	2060	WerFault.exe	62
2632	1420	WerFault.exe	65
1600	2928	WerFault.exe	69
1668	2216	WerFault.exe	72
2572	2972	WerFault.exe	77
1940	2520	WerFault.exe	75
3084	2856	WerFault.exe	74
3108	1508	WerFault.exe	78
3124	2696	WerFault.exe	79
3148	1476	WerFault.exe	85
3180	2712	WerFault.exe	80
3188	2116	WerFault.exe	84
3304	2652	WerFault.exe	73
3316	2780	WerFault.exe	81
3372	2752	WerFault.exe	76
3424	2288	WerFault.exe	86
3452	1592	WerFault.exe	82
3876	1784	WerFault.exe	83
3260	768	WerFault.exe	99
3440	280	WerFault.exe	101
3812	1700	WerFault.exe	104
3912	1492	WerFault.exe	107
3944	1548	WerFault.exe	106
4004	2260	WerFault.exe	105
3256	1352	WerFault.exe	115
3628	1228	WerFault.exe	113
3532	2524	WerFault.exe	114
3592	2196	WerFault.exe	108
3620	1764	WerFault.exe	118
3708	1196	WerFault.exe	119
3328	576	WerFault.exe	94
3368	2420	WerFault.exe	92
3312	564	WerFault.exe	127
3492	696	WerFault.exe	126

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
1732	Unicorn-13178.exe
2616	Unicorn-49032.exe
2608	Unicorn-3360.exe
2192	Unicorn-56858.exe
2464	Unicorn-61497.exe
2580	Unicorn-15826.exe
2532	Unicorn-38872.exe
2788	Unicorn-60231.exe
1432	Unicorn-22920.exe
1664	Unicorn-14751.exe
1780	Unicorn-34849.exe
2020	Unicorn-32489.exe
3004	Unicorn-61824.exe
1932	Unicorn-65161.exe
2560	Unicorn-65353.exe
320	Unicorn-29151.exe
980	Unicorn-16537.exe
896	Unicorn-8176.exe
1808	Unicorn-45680.exe
2128	Unicorn-39391.exe
2916	Unicorn-39391.exe
1212	Unicorn-2997.exe
956	Unicorn-14694.exe
2112	Unicorn-44222.exe
688	Unicorn-2120.exe
1136	Unicorn-21986.exe
2124	Unicorn-40242.exe
2060	Unicorn-12208.exe
2072	Unicorn-24783.exe
1468	Unicorn-53049.exe
1420	Unicorn-7377.exe
2928	Unicorn-4191.exe
2216	Unicorn-25166.exe
2652	Unicorn-28696.exe
2856	Unicorn-59759.exe
2520	Unicorn-63288.exe
2752	Unicorn-63288.exe
2972	Unicorn-18726.exe
1508	Unicorn-38784.exe
2696	Unicorn-6303.exe
2780	Unicorn-63672.exe
1592	Unicorn-27278.exe
2712	Unicorn-63672.exe
1784	Unicorn-22640.exe
2116	Unicorn-52167.exe
1476	Unicorn-6495.exe
2288	Unicorn-26593.exe
2420	Unicorn-59910.exe
576	Unicorn-932.exe
744	Unicorn-36257.exe
1208	Unicorn-247.exe
768	Unicorn-3776.exe
280	Unicorn-8415.exe
2144	Unicorn-8415.exe
892	Unicorn-61337.exe
2120	Unicorn-59993.exe
1700	Unicorn-43465.exe
2260	Unicorn-15431.exe
1548	Unicorn-19153.exe
1492	Unicorn-48488.exe
2196	Unicorn-43657.exe
2592	Unicorn-35489.exe
2504	Unicorn-7455.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 1732	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 1732	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 1732	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 1732	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2616	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 2616	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	30
PID 2248 wrote to memory of 2616	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	30
PID 1732 wrote to memory of 2608	1732	Unicorn-13178.exe	29
PID 2248 wrote to memory of 2616	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	30
PID 1732 wrote to memory of 2608	1732	Unicorn-13178.exe	29
PID 1732 wrote to memory of 2608	1732	Unicorn-13178.exe	29
PID 1732 wrote to memory of 2608	1732	Unicorn-13178.exe	29
PID 2248 wrote to memory of 2600	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	31
PID 2248 wrote to memory of 2600	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	31
PID 2248 wrote to memory of 2600	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	31
PID 2248 wrote to memory of 2600	2248	25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe	31
PID 2616 wrote to memory of 2192	2616	Unicorn-49032.exe	32
PID 2616 wrote to memory of 2192	2616	Unicorn-49032.exe	32
PID 2616 wrote to memory of 2192	2616	Unicorn-49032.exe	32
PID 2616 wrote to memory of 2192	2616	Unicorn-49032.exe	32
PID 2608 wrote to memory of 2580	2608	Unicorn-3360.exe	33
PID 2608 wrote to memory of 2580	2608	Unicorn-3360.exe	33
PID 2608 wrote to memory of 2580	2608	Unicorn-3360.exe	33
PID 2608 wrote to memory of 2580	2608	Unicorn-3360.exe	33
PID 1732 wrote to memory of 2464	1732	Unicorn-13178.exe	34
PID 1732 wrote to memory of 2464	1732	Unicorn-13178.exe	34
PID 1732 wrote to memory of 2464	1732	Unicorn-13178.exe	34
PID 1732 wrote to memory of 2464	1732	Unicorn-13178.exe	34
PID 1732 wrote to memory of 2340	1732	Unicorn-13178.exe	35
PID 1732 wrote to memory of 2340	1732	Unicorn-13178.exe	35
PID 1732 wrote to memory of 2340	1732	Unicorn-13178.exe	35
PID 1732 wrote to memory of 2340	1732	Unicorn-13178.exe	35
PID 2192 wrote to memory of 2532	2192	Unicorn-56858.exe	36
PID 2192 wrote to memory of 2532	2192	Unicorn-56858.exe	36
PID 2192 wrote to memory of 2532	2192	Unicorn-56858.exe	36
PID 2192 wrote to memory of 2532	2192	Unicorn-56858.exe	36
PID 2616 wrote to memory of 2788	2616	Unicorn-49032.exe	37
PID 2616 wrote to memory of 2788	2616	Unicorn-49032.exe	37
PID 2616 wrote to memory of 2788	2616	Unicorn-49032.exe	37
PID 2616 wrote to memory of 2788	2616	Unicorn-49032.exe	37
PID 2464 wrote to memory of 1432	2464	Unicorn-61497.exe	38
PID 2464 wrote to memory of 1432	2464	Unicorn-61497.exe	38
PID 2464 wrote to memory of 1432	2464	Unicorn-61497.exe	38
PID 2464 wrote to memory of 1432	2464	Unicorn-61497.exe	38
PID 2580 wrote to memory of 1664	2580	Unicorn-15826.exe	39
PID 2580 wrote to memory of 1664	2580	Unicorn-15826.exe	39
PID 2580 wrote to memory of 1664	2580	Unicorn-15826.exe	39
PID 2580 wrote to memory of 1664	2580	Unicorn-15826.exe	39
PID 2608 wrote to memory of 1780	2608	Unicorn-3360.exe	40
PID 2608 wrote to memory of 1780	2608	Unicorn-3360.exe	40
PID 2608 wrote to memory of 1780	2608	Unicorn-3360.exe	40
PID 2608 wrote to memory of 1780	2608	Unicorn-3360.exe	40
PID 2616 wrote to memory of 2388	2616	Unicorn-49032.exe	41
PID 2616 wrote to memory of 2388	2616	Unicorn-49032.exe	41
PID 2616 wrote to memory of 2388	2616	Unicorn-49032.exe	41
PID 2616 wrote to memory of 2388	2616	Unicorn-49032.exe	41
PID 2608 wrote to memory of 1020	2608	Unicorn-3360.exe	42
PID 2608 wrote to memory of 1020	2608	Unicorn-3360.exe	42
PID 2608 wrote to memory of 1020	2608	Unicorn-3360.exe	42
PID 2608 wrote to memory of 1020	2608	Unicorn-3360.exe	42
PID 2532 wrote to memory of 2020	2532	Unicorn-38872.exe	43
PID 2532 wrote to memory of 2020	2532	Unicorn-38872.exe	43
PID 2532 wrote to memory of 2020	2532	Unicorn-38872.exe	43
PID 2532 wrote to memory of 2020	2532	Unicorn-38872.exe	43

C:\Users\Admin\AppData\Local\Temp\25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\25cea91fc4b388e1e7b3e499db267cd0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        11⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        12⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        13⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
        14⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
        15⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        16⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11432 -s 216
        16⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
        15⤵
        
        PID:12364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        14⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        13⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
        12⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
        11⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63691.exe
        11⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        12⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        13⤵
        
        PID:9140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63491.exe
        14⤵
        
        PID:11852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63983.exe
        15⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 220
        14⤵
        
        PID:12664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        13⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        12⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        11⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
        10⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22519.exe
        11⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
        12⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52967.exe
        13⤵
        
        PID:11252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        14⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
        14⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
        13⤵
        
        PID:12144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        12⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        10⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        9⤵
        Program crash
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        11⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        12⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
        13⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        14⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        15⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 220
        14⤵
        
        PID:12624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        13⤵
        
        PID:10316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        12⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        10⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
        9⤵
        Program crash
        
        PID:3628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        8⤵
        Program crash
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52167.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35681.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
        9⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
        11⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        12⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        13⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        14⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
        15⤵
        
        PID:13156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
        15⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
        14⤵
        
        PID:11884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
        13⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        10⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        10⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        12⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
        13⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        14⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11368 -s 216
        14⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 220
        13⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        12⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
        11⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23619.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        11⤵
        
        PID:6172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37219.exe
        12⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        13⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        14⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11476 -s 216
        14⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        13⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
        12⤵
        
        PID:9604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        11⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        10⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        9⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        8⤵
        Program crash
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26369.exe
        9⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20132.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        11⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        12⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35059.exe
        13⤵
        
        PID:11904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 236
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 216
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        
        PID:2040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
        8⤵
        Program crash
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        7⤵
        Program crash
        
        PID:2668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11145.exe
        9⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        11⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        12⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        13⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        14⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        15⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
        15⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
        14⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
        13⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        12⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
        11⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 216
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        12⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
        13⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        14⤵
        
        PID:12956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
        14⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
        13⤵
        
        PID:11644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        10⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23811.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52185.exe
        12⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        13⤵
        
        PID:11840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        14⤵
        
        PID:12352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 236
        13⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 236
        12⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        10⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        8⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57040.exe
        7⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        11⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        12⤵
        
        PID:10816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
        13⤵
        
        PID:12948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
        13⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        12⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        9⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        8⤵
        Program crash
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
        7⤵
        Program crash
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        9⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
        10⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        11⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
        12⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32117.exe
        13⤵
        
        PID:12860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
        13⤵
        
        PID:12748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 236
        12⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        10⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        8⤵
        Program crash
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        9⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        10⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        11⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
        12⤵
        
        PID:11524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        13⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11524 -s 216
        13⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        11⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
        10⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        8⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 220
        7⤵
        Program crash
        
        PID:3424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        6⤵
        Program crash
        
        PID:2360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43657.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26330.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        10⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        12⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
        13⤵
        
        PID:11160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27831.exe
        14⤵
        
        PID:13252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 236
        14⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        13⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 236
        12⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        11⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
        10⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        9⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4001.exe
        12⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
        13⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
        14⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
        14⤵
        
        PID:12936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        13⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:9640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        8⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-756.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14874.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        11⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        12⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        13⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        14⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 216
        14⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 236
        13⤵
        
        PID:11520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        12⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        9⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63405.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31128.exe
        9⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        11⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        12⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        13⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 220
        13⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        11⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
        10⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        8⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        7⤵
        Program crash
        
        PID:1588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        6⤵
        Program crash
        
        PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33839.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        9⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        10⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        11⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1182.exe
        12⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51171.exe
        13⤵
        
        PID:9576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
        12⤵
        
        PID:12772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        11⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        8⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        9⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        10⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        11⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        12⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
        12⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 236
        11⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        10⤵
        
        PID:9664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        8⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        7⤵
        
        PID:4560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 216
        6⤵
        Program crash
        
        PID:2700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        5⤵
        Program crash
        
        PID:2676
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        6⤵
        Program crash
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10525.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15533.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        11⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
        12⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
        13⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47735.exe
        14⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 216
        14⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
        13⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
        12⤵
        
        PID:10332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        11⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63021.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        10⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29632.exe
        11⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        12⤵
        
        PID:10564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        13⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
        13⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        11⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        10⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        9⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 220
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        7⤵
        Program crash
        
        PID:3180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 216
        6⤵
        Program crash
        
        PID:2244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        5⤵
        Program crash
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1633.exe
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7531.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        11⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
        12⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
        13⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
        12⤵
        
        PID:10592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        11⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        10⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        9⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        8⤵
        Program crash
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20542.exe
        9⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50599.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3913.exe
        11⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        12⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
        13⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
        12⤵
        
        PID:11744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        11⤵
        
        PID:10676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
        8⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        7⤵
        Program crash
        
        PID:3316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        6⤵
        Program crash
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        6⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1441.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46639.exe
        9⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        10⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61519.exe
        11⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
        12⤵
        
        PID:12520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 216
        12⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        11⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
        10⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        8⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        7⤵
        Program crash
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22608.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        8⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42182.exe
        9⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
        10⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38609.exe
        11⤵
        
        PID:13164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
        11⤵
        
        PID:12508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        10⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        9⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        8⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        7⤵
        
        PID:5392
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        6⤵
        Program crash
        
        PID:3452
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        5⤵
        Program crash
        
        PID:2012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2344
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
        9⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32451.exe
        10⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        11⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18835.exe
        12⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62714.exe
        13⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        14⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        15⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
        15⤵
        
        PID:13024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 236
        14⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        13⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        12⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        11⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
        10⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        10⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        12⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-948.exe
        13⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
        14⤵
        
        PID:13248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11536 -s 216
        14⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
        13⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 236
        12⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        11⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        9⤵
        Program crash
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        11⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        12⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        13⤵
        
        PID:11636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13272.exe
        14⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
        13⤵
        
        PID:12500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
        12⤵
        
        PID:10004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        11⤵
        
        PID:7604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
        10⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
        9⤵
        Program crash
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 220
        8⤵
        Program crash
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        10⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        11⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5812.exe
        12⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        13⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
        14⤵
        
        PID:13292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
        14⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
        13⤵
        
        PID:11736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        12⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        10⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        9⤵
        Program crash
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8358.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56706.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        10⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        11⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
        12⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        13⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
        13⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
        12⤵
        
        PID:11728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
        11⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        8⤵
        Program crash
        
        PID:3328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        7⤵
        Program crash
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54366.exe
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        11⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        12⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57477.exe
        13⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
        13⤵
        
        PID:12916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        12⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        9⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
        8⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48870.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30635.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        10⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        11⤵
        
        PID:8788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
        12⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        13⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 220
        12⤵
        
        PID:12600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        11⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        10⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        8⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        7⤵
        Program crash
        
        PID:1668
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        6⤵
        Program crash
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59770.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        9⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        10⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
        11⤵
        
        PID:8292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        12⤵
        
        PID:10972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        13⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
        13⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 236
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
        10⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        9⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
        8⤵
        Program crash
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4973.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43090.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49352.exe
        11⤵
        
        PID:9808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24779.exe
        12⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
        12⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        11⤵
        
        PID:10844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
        9⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 216
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        7⤵
        Program crash
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60001.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        9⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        10⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        11⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        12⤵
        
        PID:11280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 236
        12⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        11⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        7⤵
        Program crash
        
        PID:3912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 220
        6⤵
        Program crash
        
        PID:2924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
        5⤵
        Program crash
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2126.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
        9⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
        10⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        11⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        13⤵
        
        PID:11136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        14⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
        14⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
        13⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        12⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 216
        9⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        12⤵
        
        PID:11120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        13⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
        13⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
        12⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        11⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        10⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
        8⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        8⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        10⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        11⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        12⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
        12⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
        11⤵
        
        PID:11660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
        10⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
        9⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        8⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
        7⤵
        Program crash
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49062.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        10⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53171.exe
        11⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        12⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        13⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 220
        13⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
        12⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
        11⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61869.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        9⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        10⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
        11⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23034.exe
        12⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11320 -s 216
        12⤵
        
        PID:9708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
        11⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 220
        10⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        9⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
        7⤵
        
        PID:4412
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
        6⤵
        Program crash
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        11⤵
        
        PID:11104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54753.exe
        12⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
        12⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
        11⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
        10⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
        9⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        8⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        7⤵
        Program crash
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7232.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51688.exe
        8⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 188
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        10⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        9⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
        8⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        7⤵
        
        PID:4700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        6⤵
        Program crash
        
        PID:3084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        5⤵
        Program crash
        
        PID:2024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49254.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
        10⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        11⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        12⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
        13⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        14⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 216
        14⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
        13⤵
        
        PID:12040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
        12⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        10⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21917.exe
        9⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        10⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        11⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        12⤵
        
        PID:11248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        13⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 220
        13⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
        12⤵
        
        PID:11284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
        11⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58907.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23768.exe
        11⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10834.exe
        12⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        13⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11292 -s 220
        13⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
        12⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        11⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
        10⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        9⤵
        
        PID:5896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        8⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56540.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46556.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        10⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        11⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        12⤵
        
        PID:12212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
        12⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        11⤵
        
        PID:10540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        10⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        8⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        6⤵
        Program crash
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        8⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 220
        9⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        8⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10941.exe
        9⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        10⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 188
        11⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        10⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        9⤵
        
        PID:8156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        8⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        7⤵
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43614.exe
        9⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        10⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
        11⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10023.exe
        12⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
        12⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 236
        11⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
        10⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        9⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        8⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        7⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
        6⤵
        Program crash
        
        PID:2572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        5⤵
        Program crash
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9996.exe
        9⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
        10⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        10⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
        11⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23513.exe
        12⤵
        
        PID:12512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 236
        12⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 220
        10⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
        8⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23991.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
        9⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        10⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        11⤵
        
        PID:12104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        12⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 236
        11⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        10⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        9⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        8⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        7⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        6⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64376.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        9⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
        10⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        11⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48389.exe
        12⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11588 -s 216
        12⤵
        
        PID:9696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
        11⤵
        
        PID:12408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        9⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
        8⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
        7⤵
        
        PID:4708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
        6⤵
        Program crash
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
        5⤵
        Executes dropped EXE
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        6⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        7⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50163.exe
        8⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43965.exe
        9⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12759.exe
        10⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57574.exe
        11⤵
        
        PID:13176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
        11⤵
        
        PID:2168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
        10⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        9⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        8⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
        7⤵
        
        PID:5688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        6⤵
        
        PID:3820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        5⤵
        Program crash
        
        PID:1968
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
      4⤵
      Program crash
      PID:2028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2388
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
  2⤵
  - Program crash
  PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe

Filesize
184KB

MD5
14c8c6ac91440e90f9a2bf28cac510c8

SHA1
b97b3798e4aa49545aa1e5e9bd937f6297821568

SHA256
5edb95972bd7d95d83e51299231c0c47687276c118c4508237df9100c0993fff

SHA512
f17984df580edfa5410952ce8e0519e0d8278cf0181d23e6a67d45d579207a3a8951e927a0b641d8d2cbf4b1dc30e7433bd8e6b247cc6bc0334a696e7c6f7c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21656.exe

Filesize
184KB

MD5
2368d716c828a548cfa4fe4d0c6f38c3

SHA1
8c9d47304cb88fa562372c000bdf65a098ba803b

SHA256
c24d5dca150c8fa8a18bd56bd249d26db93c2a6fd4b37a3b340d9cd47e6188be

SHA512
9efde299a7a9f8abd1e4e36bd8ed05b9d243552a313c0107ec481b1dc6971caddead3ab8e11914011610547ca9211abf3a9227928c2f2bfd6ba8f4b3c6e5ec2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe

Filesize
184KB

MD5
4e677255380be394b0138cbdf26a83ce

SHA1
b5cf8f0e5da7f74553ed993422b86b6e2511c0aa

SHA256
9fdfb031fc8531394a06e2329b0f4d5a2144f5235ce3b82c4a5ac2a422612fde

SHA512
4476bec55330abceab72c7d5d966af8eabfce969912de21f720be759f7453d253df86bf84044194e099fba9abfcc33b09563426b8a3e6830277fa5dc404abd96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe

Filesize
184KB

MD5
cbdc0cbb78c07e54f27945e7e9eebf55

SHA1
7d9446905edda77f8275a4ad8c664f54e1309b25

SHA256
1b2c7912ccb1360e074727aaeb7d996304fce3b0cecfefe5a0eef0018b04fa3b

SHA512
43422bb9fce23de2ac53511f18b54d2aac50aefaf1c6f456be6b8f71ef7449aa922e66e8dc3f6638b257d59f245cd82cdbf2a490edc642fc72436dca6dcae628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3360.exe

Filesize
184KB

MD5
8a30f99d726ea5d2a301198802eea8d8

SHA1
ed34b5e080ae13102d5977fc374943ef22191bec

SHA256
9622eec5ce69621d02aa84a5aba448a4207251df554cdfb7f9ffdf055da0558d

SHA512
9e51e8ee346cbe5aeb50f63b4b6e698c13bfd7a6946ab7d09e632c8996966cbd186af59f49582e6410bd84ec2454acd83cec40406a27f41674794c0428de01e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe

Filesize
184KB

MD5
5b840456c449a6fabafdae304698b911

SHA1
03a7dd10313d98daca69c7c68d1a397e171f40fa

SHA256
d81aca00baa92578594c4962a3f28e8fffd08aeac7af38f7934c01ac8b0e8e7b

SHA512
cea4806b9831a1c27dcab284a51f55310b8df8738addf1801e4740875dada936fc7bc774bb515408b4f6296c7d79f25fd92cdf65bc9a7e188db7ee5b5029022e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe

Filesize
184KB

MD5
80d98e675eff0804ec5fb70779dc55f9

SHA1
803776292f9addbfc35b04e5a33b59c689f04c1a

SHA256
bec35124d49ad00fe7b097904ae147876b6cca893e2b648df218b733b9705dd0

SHA512
42fbbfdc6796399c370080d85789e7b3f2a40557e378a58482940b4a0de4bfd6f7c374f316e29d2ee6e86f33fbdac377b910a1cdc319ae75e2c92a4e29bdf071

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6303.exe

Filesize
184KB

MD5
eb26cc3a5ba10666aa4f23ef6b5251e5

SHA1
a94f292433e0988b6eaf384ef3e127e74502fe8e

SHA256
c279fe08ff2254983e49957ddf7bb4ca700b15ff83e29e5bf65da03b85fb3f98

SHA512
db7a7ef34fa9447970d43f9d733ec45d3f4d0132fe78d01aec2327f628be5cc97c5c4dfe5c43861adf74d8be4b1ed2d3208628db148f0e93c8f259d3772a7795

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe

Filesize
184KB

MD5
2c3e364061beef78980d376e02a8f31d

SHA1
75b0282f7a6afb5bbaff86ac0ec995b08b928cb2

SHA256
b80b75a7bb5200bdf99c925ecd87587fa7e4462cdbcb4b893efa27ee6b0f6a85

SHA512
081c86c59f6df76036a933ec20d36c5ef00991af3089a0e65f9945e11f81f58fb1816e017f41bd6a1e1560cd76f7d28ee676300e3c484a837e2b2fa57687b43b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe

Filesize
184KB

MD5
f998f802436ea2c5732bfdc1c55e5899

SHA1
7a2e5a1d19bb42aa29179f4c5f4d20bfe48e140c

SHA256
8f02f382e554d03b17793a180fc4e60750774661630986c16ceda7e59a0148e1

SHA512
8263cc5538eb4ac42eac5764395e2c8c66103ca97a834a5a524eab0f76dfed520b639da308ac92421c4e53bdd08c64eb1f178bd662b9584abd8a97a661c63cd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe

Filesize
184KB

MD5
65bb0dc4735aab4d255addd78c440eb8

SHA1
1d251c11e3793b521160150776e48174abe78aee

SHA256
96b4e28741dde4e003d74bf111b08eae8ce5eeee4a33dbfaff75ed7c743f9047

SHA512
ce764fc12826f630fc96b6dfcaf2f6846e60e0fe13bd56db2f7e1e01c0a75c049fa8dd55ce97245b6116907cd0f78516e34d0860acd554eafce1e0482c620dcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe

Filesize
184KB

MD5
5566200ff7a5a2aa61eace8be134d1c6

SHA1
0f588b8a3beb8ed0cbb2ed5b1e41d8eb6aee57ec

SHA256
ab3283d673fea8e5ad93d3a39d9a4e78320549cd7372808632312da857ef3386

SHA512
930901886c44648c1d3606f031265cd0ec56d3a9faf4d014c7e308545f4d0157271f6d7c30616ca0db8d6b1c2f5f0a87a91c679d71c15dc029057c9c0beeff3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34849.exe

Filesize
184KB

MD5
48ac7e4fda56f59b07b3294bbdf95630

SHA1
365ce3489e912342323d3576a793a1595038cec0

SHA256
155c3b968d5c32d8209ec50b7244f1a126dfea126f2e4b4d83bd4e9abf7ad7c0

SHA512
d4c1de2b2d386d77ecb4f198c3d5d4c984f1872a83740c072feff35f0f61b47b6b7e119492ffcce2bed494c008afd4611f2bf2af64db0ac83b62b51fda3ba631

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe

Filesize
184KB

MD5
184eb257ea96a1d5d00328a5c645c4d2

SHA1
4bec1e3274c2ab9be6ebc5b3a96259bc61e7fee6

SHA256
77368b09b9e930a2812513f8f31552c571d9301ce61de8843c90a6835be56ec8

SHA512
a777fc80133a7a3da0695840005332fc20082467b7452cff86e57e9f7cf7e793fe73bff2a7527233cde05c57e86f61537aeb47fbef860f338ab4b4d6574e8ece

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49032.exe

Filesize
184KB

MD5
52c3a576a6bba35edd5d0ebc50b1dd9a

SHA1
506bf3ec41c1fb0c5ea90b94634cc8dfee089181

SHA256
f314cbfaf6304e8d6cd06bb0d0fdfeef8f1607c5b0e61b0a1baf8a8ec10bda40

SHA512
1740f9f411ade51716f4d4ec6e4817951ce7c6d449b6463c06933e421ca400e8bf2a2eb82a08860c07c4db5e073ac6aac366e283b780dcffb086f0225e14ba03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe

Filesize
184KB

MD5
8d9ee54720628053877647ca2bccf2c7

SHA1
3a3874f89fc6cb2e27ae4bd1a12bce282b0ce0eb

SHA256
29d156d8a1bc9ce45e001ebe6a0fd1532237c85a4ce106b0fd5fc97d284faca4

SHA512
02c14ddf46a4eb474a1c4d86685a2221541a692e6227445a1bc441077f37295aa62ff6e03e73afa5d0106f4978801547eb564a3c2c6435a20e3109e90c5a0d86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60231.exe

Filesize
184KB

MD5
e8dc763b2877d9a3e11c8253d501339b

SHA1
8000312ea01be33b0d4d94c7e7df9af4a407be32

SHA256
2b31d5d4892344d56fd10e7ae205cab9b0a05f347ccb146e12eb1566571b13a6

SHA512
3d1de4b59feb0df06ab64f2d08703f6459adc4b84e5cf6559612820e7b9632980ebc4cf0792d54ed2b035bc5ebc6faea98ca7d32061c4615746b63732bf3ad7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe

Filesize
184KB

MD5
50c843cb7e5978da39b38e20dfc936e1

SHA1
0220970c1b935f271a03e7ec39608f6b0c43e2f8

SHA256
0efbb1a52c3c56d2ea20f123114888caeabeb55f3079a95423fc1beb1e2162df

SHA512
d9d5428c42466cc8377cf3e5aa2fdb2209a7fc9dabd12f80b9483c2b4be133e3cf0f7d41c381709e7d12664b2cedc2dd025868e307925e7c3fdb69a4f9d76be8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61824.exe

Filesize
184KB

MD5
0ca15c6b18ecde9eab68ad87968481ae

SHA1
2c81d93676fd495173a41a26461e933ddff094db

SHA256
8933a682a5025631485a5e72012073c2d7952cb2b06d33b07c560b0ae080b961

SHA512
d09b7df6f636c01ab357e407c2f3a83d98181e4746fa4c52cd82680f738ddcdccbda1fc3a1d27705aa8aa9dc1807ee80338b39f3efcd286f3706b334bba44580

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe

Filesize
184KB

MD5
67d6cba0bcf7b550a39710cef5bfe307

SHA1
6842b567e1473f88c4701a0a9a7a1cd1080a76a6

SHA256
3989c8464ee67cf1d5f9612460d68ded2207734d849c1c2ce7e9bfbd32f85dec

SHA512
5662a381a5b4281e50d660f09cfb13098cd93d203ddf902b1ea8bfb8d3acf1adea88fbd2e88d685cbfd1e1890d32184998b1822cad91227732b5e17d59a400cd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads