b84d1715b906fe9c0cbe9b3090a25c5bec66c3c4db13dea4e8c4647ea0588b0d

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
Size

184KB
MD5

58ad1dfbb1326a17823120084a1d9bf0
SHA1

3b542a4be585f28fa7c658f2934a2262d3993702
SHA256

b84d1715b906fe9c0cbe9b3090a25c5bec66c3c4db13dea4e8c4647ea0588b0d
SHA512

2ec039c64eb622d9d173d5a01b83ea187936cf6fc17499c1319131b83ec28e145fb5cd8c81192a5e36f0e89a40d0458a22efdf0004bfb7370c0a7cdcea8b1f02
SSDEEP

3072:NhWcn1oTEORTjHXHMKLLFUVOhlnViF+n3:Nh7oHHHXTLSVOhlnViF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2248	Unicorn-37890.exe
1320	Unicorn-9384.exe
2688	Unicorn-55056.exe
2636	Unicorn-42332.exe
2508	Unicorn-11605.exe
2496	Unicorn-22466.exe
2824	Unicorn-41310.exe
956	Unicorn-17360.exe
1768	Unicorn-17360.exe
1716	Unicorn-37226.exe
1696	Unicorn-37226.exe
2844	Unicorn-9296.exe
1468	Unicorn-54968.exe
2052	Unicorn-19603.exe
1220	Unicorn-50329.exe
604	Unicorn-11242.exe
268	Unicorn-22103.exe
556	Unicorn-7158.exe
1660	Unicorn-48746.exe
2444	Unicorn-11517.exe
2160	Unicorn-22378.exe
1096	Unicorn-42244.exe
1828	Unicorn-21632.exe
1836	Unicorn-52358.exe
1428	Unicorn-32492.exe
296	Unicorn-28408.exe
2424	Unicorn-1211.exe
1232	Unicorn-11880.exe
3040	Unicorn-27662.exe
1280	Unicorn-7796.exe
2336	Unicorn-58388.exe
2620	Unicorn-57594.exe
2628	Unicorn-2918.exe
2680	Unicorn-22784.exe
2756	Unicorn-53510.exe
2488	Unicorn-64371.exe
2544	Unicorn-2363.exe
2984	Unicorn-32898.exe
948	Unicorn-43758.exe
1900	Unicorn-8948.exe
1656	Unicorn-47288.exe
708	Unicorn-30760.exe
1604	Unicorn-41620.exe
2700	Unicorn-57402.exe
1544	Unicorn-22592.exe
1224	Unicorn-18508.exe
2804	Unicorn-49234.exe
2016	Unicorn-64179.exe
2952	Unicorn-29368.exe
1212	Unicorn-61761.exe
3024	Unicorn-33727.exe
2296	Unicorn-59623.exe
3008	Unicorn-47947.exe
1472	Unicorn-15829.exe
3020	Unicorn-27527.exe
2260	Unicorn-65030.exe
1584	Unicorn-49893.exe
2732	Unicorn-6914.exe
2724	Unicorn-48502.exe
2572	Unicorn-29473.exe
2976	Unicorn-36249.exe
2768	Unicorn-52031.exe
1592	Unicorn-43671.exe
940	Unicorn-19721.exe

Loads dropped DLL 64 IoCs

pid	Process
2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
2248	Unicorn-37890.exe
2248	Unicorn-37890.exe
2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
1320	Unicorn-9384.exe
2248	Unicorn-37890.exe
2688	Unicorn-55056.exe
1320	Unicorn-9384.exe
2248	Unicorn-37890.exe
2688	Unicorn-55056.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2508	Unicorn-11605.exe
2508	Unicorn-11605.exe
2688	Unicorn-55056.exe
2688	Unicorn-55056.exe
1320	Unicorn-9384.exe
1320	Unicorn-9384.exe
2496	Unicorn-22466.exe
2636	Unicorn-42332.exe
2636	Unicorn-42332.exe
2496	Unicorn-22466.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2840	WerFault.exe
2508	Unicorn-11605.exe
2824	Unicorn-41310.exe
2508	Unicorn-11605.exe
2824	Unicorn-41310.exe
1768	Unicorn-17360.exe
1768	Unicorn-17360.exe
956	Unicorn-17360.exe
956	Unicorn-17360.exe
1696	Unicorn-37226.exe
1696	Unicorn-37226.exe
2636	Unicorn-42332.exe
2636	Unicorn-42332.exe
1716	Unicorn-37226.exe
1716	Unicorn-37226.exe
2496	Unicorn-22466.exe
2496	Unicorn-22466.exe
2028	WerFault.exe
1992	WerFault.exe
2028	WerFault.exe
1992	WerFault.exe
2028	WerFault.exe
1992	WerFault.exe
2028	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1596	WerFault.exe
1596	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2148	2244	WerFault.exe	27
2180	2248	WerFault.exe	28
2840	1320	WerFault.exe	29
2808	2688	WerFault.exe	30
1992	2508	WerFault.exe	32
2028	2636	WerFault.exe	34
1596	2496	WerFault.exe	33
596	556	WerFault.exe	49
1616	2824	WerFault.exe	36
2408	1768	WerFault.exe	37
2000	956	WerFault.exe	38
820	1696	WerFault.exe	40
2280	1716	WerFault.exe	39
1244	1468	WerFault.exe	43
1020	2844	WerFault.exe	44
560	2052	WerFault.exe	45
648	1220	WerFault.exe	46
1140	604	WerFault.exe	47
1528	1660	WerFault.exe	50
1480	268	WerFault.exe	48
772	2444	WerFault.exe	54
2340	1096	WerFault.exe	55
2252	1428	WerFault.exe	59
2720	1836	WerFault.exe	58
2760	296	WerFault.exe	60
2660	3040	WerFault.exe	65
1236	1280	WerFault.exe	64
856	1828	WerFault.exe	57
1668	2336	WerFault.exe	66
2540	1232	WerFault.exe	62
2008	912	WerFault.exe	142
2344	2620	WerFault.exe	72
1444	2680	WerFault.exe	74
2912	2488	WerFault.exe	76
3092	2756	WerFault.exe	75
3124	2628	WerFault.exe	73
3148	2984	WerFault.exe	78
3168	2544	WerFault.exe	77
3200	2700	WerFault.exe	84
3216	1224	WerFault.exe	87
3232	2952	WerFault.exe	88
3248	708	WerFault.exe	82
3292	2804	WerFault.exe	89
3468	2920	WerFault.exe	139
3756	1900	WerFault.exe	80
3320	1544	WerFault.exe	85
3508	3008	WerFault.exe	100
3536	1656	WerFault.exe	81
4024	948	WerFault.exe	79
4048	2572	WerFault.exe	107
4056	2976	WerFault.exe	108
4076	2016	WerFault.exe	86
3484	2768	WerFault.exe	109
3660	676	WerFault.exe	121
3728	1592	WerFault.exe	110
3820	852	WerFault.exe	114
3824	1604	WerFault.exe	83
3872	940	WerFault.exe	111
3608	2796	WerFault.exe	116
4080	2860	WerFault.exe	118
3268	1112	WerFault.exe	123
3564	1980	WerFault.exe	113
3132	2812	WerFault.exe	132
4088	2504	WerFault.exe	130

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
2248	Unicorn-37890.exe
1320	Unicorn-9384.exe
2688	Unicorn-55056.exe
2636	Unicorn-42332.exe
2508	Unicorn-11605.exe
2496	Unicorn-22466.exe
2824	Unicorn-41310.exe
956	Unicorn-17360.exe
1768	Unicorn-17360.exe
1696	Unicorn-37226.exe
1716	Unicorn-37226.exe
2844	Unicorn-9296.exe
1468	Unicorn-54968.exe
2052	Unicorn-19603.exe
1220	Unicorn-50329.exe
604	Unicorn-11242.exe
556	Unicorn-7158.exe
268	Unicorn-22103.exe
1660	Unicorn-48746.exe
2444	Unicorn-11517.exe
2160	Unicorn-22378.exe
1096	Unicorn-42244.exe
1836	Unicorn-52358.exe
1428	Unicorn-32492.exe
1828	Unicorn-21632.exe
296	Unicorn-28408.exe
3040	Unicorn-27662.exe
1232	Unicorn-11880.exe
1280	Unicorn-7796.exe
2336	Unicorn-58388.exe
2620	Unicorn-57594.exe
2628	Unicorn-2918.exe
2756	Unicorn-53510.exe
2680	Unicorn-22784.exe
2488	Unicorn-64371.exe
2544	Unicorn-2363.exe
2984	Unicorn-32898.exe
948	Unicorn-43758.exe
1900	Unicorn-8948.exe
1656	Unicorn-47288.exe
2016	Unicorn-64179.exe
2700	Unicorn-57402.exe
708	Unicorn-30760.exe
1224	Unicorn-18508.exe
1604	Unicorn-41620.exe
2804	Unicorn-49234.exe
1544	Unicorn-22592.exe
2952	Unicorn-29368.exe
1212	Unicorn-61761.exe
3024	Unicorn-33727.exe
2296	Unicorn-59623.exe
3008	Unicorn-47947.exe
1472	Unicorn-15829.exe
3020	Unicorn-27527.exe
2260	Unicorn-65030.exe
1584	Unicorn-49893.exe
2732	Unicorn-6914.exe
2724	Unicorn-48502.exe
2572	Unicorn-29473.exe
2976	Unicorn-36249.exe
2768	Unicorn-52031.exe
1592	Unicorn-43671.exe
940	Unicorn-19721.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2248	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2248	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2248	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2248	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 1320	2248	Unicorn-37890.exe	29
PID 2248 wrote to memory of 1320	2248	Unicorn-37890.exe	29
PID 2248 wrote to memory of 1320	2248	Unicorn-37890.exe	29
PID 2248 wrote to memory of 1320	2248	Unicorn-37890.exe	29
PID 2244 wrote to memory of 2688	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2688	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2688	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2688	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2148	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2148	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2148	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2148	2244	58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe	31
PID 1320 wrote to memory of 2508	1320	Unicorn-9384.exe	32
PID 1320 wrote to memory of 2508	1320	Unicorn-9384.exe	32
PID 1320 wrote to memory of 2508	1320	Unicorn-9384.exe	32
PID 1320 wrote to memory of 2508	1320	Unicorn-9384.exe	32
PID 2248 wrote to memory of 2496	2248	Unicorn-37890.exe	33
PID 2248 wrote to memory of 2496	2248	Unicorn-37890.exe	33
PID 2248 wrote to memory of 2496	2248	Unicorn-37890.exe	33
PID 2248 wrote to memory of 2496	2248	Unicorn-37890.exe	33
PID 2688 wrote to memory of 2636	2688	Unicorn-55056.exe	34
PID 2688 wrote to memory of 2636	2688	Unicorn-55056.exe	34
PID 2688 wrote to memory of 2636	2688	Unicorn-55056.exe	34
PID 2688 wrote to memory of 2636	2688	Unicorn-55056.exe	34
PID 2248 wrote to memory of 2180	2248	Unicorn-37890.exe	35
PID 2248 wrote to memory of 2180	2248	Unicorn-37890.exe	35
PID 2248 wrote to memory of 2180	2248	Unicorn-37890.exe	35
PID 2248 wrote to memory of 2180	2248	Unicorn-37890.exe	35
PID 2508 wrote to memory of 2824	2508	Unicorn-11605.exe	36
PID 2508 wrote to memory of 2824	2508	Unicorn-11605.exe	36
PID 2508 wrote to memory of 2824	2508	Unicorn-11605.exe	36
PID 2508 wrote to memory of 2824	2508	Unicorn-11605.exe	36
PID 2688 wrote to memory of 1768	2688	Unicorn-55056.exe	37
PID 2688 wrote to memory of 1768	2688	Unicorn-55056.exe	37
PID 2688 wrote to memory of 1768	2688	Unicorn-55056.exe	37
PID 2688 wrote to memory of 1768	2688	Unicorn-55056.exe	37
PID 1320 wrote to memory of 956	1320	Unicorn-9384.exe	38
PID 1320 wrote to memory of 956	1320	Unicorn-9384.exe	38
PID 1320 wrote to memory of 956	1320	Unicorn-9384.exe	38
PID 1320 wrote to memory of 956	1320	Unicorn-9384.exe	38
PID 2636 wrote to memory of 1696	2636	Unicorn-42332.exe	40
PID 2636 wrote to memory of 1696	2636	Unicorn-42332.exe	40
PID 2636 wrote to memory of 1696	2636	Unicorn-42332.exe	40
PID 2496 wrote to memory of 1716	2496	Unicorn-22466.exe	39
PID 2636 wrote to memory of 1696	2636	Unicorn-42332.exe	40
PID 2496 wrote to memory of 1716	2496	Unicorn-22466.exe	39
PID 2496 wrote to memory of 1716	2496	Unicorn-22466.exe	39
PID 2496 wrote to memory of 1716	2496	Unicorn-22466.exe	39
PID 1320 wrote to memory of 2840	1320	Unicorn-9384.exe	41
PID 1320 wrote to memory of 2840	1320	Unicorn-9384.exe	41
PID 1320 wrote to memory of 2840	1320	Unicorn-9384.exe	41
PID 1320 wrote to memory of 2840	1320	Unicorn-9384.exe	41
PID 2688 wrote to memory of 2808	2688	Unicorn-55056.exe	42
PID 2688 wrote to memory of 2808	2688	Unicorn-55056.exe	42
PID 2688 wrote to memory of 2808	2688	Unicorn-55056.exe	42
PID 2688 wrote to memory of 2808	2688	Unicorn-55056.exe	42
PID 2824 wrote to memory of 2844	2824	Unicorn-41310.exe	44
PID 2824 wrote to memory of 2844	2824	Unicorn-41310.exe	44
PID 2824 wrote to memory of 2844	2824	Unicorn-41310.exe	44
PID 2824 wrote to memory of 2844	2824	Unicorn-41310.exe	44

C:\Users\Admin\AppData\Local\Temp\58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\58ad1dfbb1326a17823120084a1d9bf0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57594.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53038.exe
        11⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
        12⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57400.exe
        13⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        14⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        15⤵
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 236
        15⤵
        
        PID:11564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        14⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
        13⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        12⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        11⤵
        Program crash
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59815.exe
        10⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        11⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        12⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        13⤵
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        14⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 236
        14⤵
        
        PID:11668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 236
        13⤵
        
        PID:9476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 236
        12⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        11⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18315.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36318.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        11⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        12⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        13⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
        14⤵
        
        PID:11140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 236
        14⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        13⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        12⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        11⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        10⤵
        Program crash
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        9⤵
        Program crash
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25768.exe
        11⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12475.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27193.exe
        13⤵
        
        PID:8548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        14⤵
        
        PID:11760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
        14⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
        13⤵
        
        PID:9704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        12⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5160.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59208.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        11⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        12⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        13⤵
        
        PID:11752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
        13⤵
        
        PID:11712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        12⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        11⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        9⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        8⤵
        Program crash
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49893.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39826.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24341.exe
        10⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        11⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22455.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21013.exe
        14⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        13⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
        12⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
        11⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18799.exe
        10⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        11⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        12⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11884.exe
        13⤵
        
        PID:11432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 236
        13⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        9⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38451.exe
        10⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
        11⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45392.exe
        12⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        13⤵
        
        PID:11184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
        13⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        12⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        11⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        8⤵
        Program crash
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        7⤵
        Program crash
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23490.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14091.exe
        11⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45724.exe
        12⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        13⤵
        
        PID:9188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        14⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
        14⤵
        
        PID:11928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 236
        13⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        12⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 216
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9185.exe
        12⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49943.exe
        12⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        13⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
        13⤵
        
        PID:12120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 240
        12⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34350.exe
        8⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        9⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
        8⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 200
        9⤵
        Program crash
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        8⤵
        
        PID:4472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        6⤵
        Program crash
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5051.exe
        10⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16744.exe
        11⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        12⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        13⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32985.exe
        14⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        13⤵
        
        PID:10460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        12⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        11⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 220
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
        10⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        11⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe
        12⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
        13⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 236
        13⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        12⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        11⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12581.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
        10⤵
        
        PID:4120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27577.exe
        12⤵
        
        PID:9316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
        13⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        12⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 216
        9⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        8⤵
        Program crash
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        11⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30373.exe
        12⤵
        
        PID:9772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        13⤵
        
        PID:6660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
        13⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        12⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
        11⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45316.exe
        8⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe
        10⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe
        11⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        12⤵
        
        PID:11540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
        12⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        11⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        10⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        9⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        8⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
        7⤵
        Program crash
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64371.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35332.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        10⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62252.exe
        11⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        12⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
        13⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 236
        13⤵
        
        PID:12000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
        12⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        11⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
        9⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        8⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56909.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20065.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45441.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-882.exe
        10⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        11⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        12⤵
        
        PID:12164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
        12⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        11⤵
        
        PID:9948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
        8⤵
        
        PID:4172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
        7⤵
        Program crash
        
        PID:2912
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        6⤵
        Program crash
        
        PID:1244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        10⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1074.exe
        11⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        12⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10239.exe
        13⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        13⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        12⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
        10⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        9⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        8⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        9⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58552.exe
        11⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        12⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        13⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
        13⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        12⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
        9⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        8⤵
        Program crash
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        7⤵
        Program crash
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47802.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        10⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        11⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        12⤵
        
        PID:9884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59196.exe
        13⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 236
        13⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
        12⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
        9⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
        8⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        9⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        10⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        11⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 236
        11⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        10⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        9⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        8⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        7⤵
        Program crash
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        6⤵
        Program crash
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33552.exe
        9⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        10⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        12⤵
        
        PID:11204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        12⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        8⤵
        Program crash
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        9⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        10⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        11⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 236
        11⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 236
        10⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
        8⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        7⤵
        Program crash
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35498.exe
        8⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14086.exe
        9⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        10⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2927.exe
        11⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        11⤵
        
        PID:11508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        10⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
        9⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        8⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 216
        7⤵
        Program crash
        
        PID:3872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
        6⤵
        Program crash
        
        PID:2760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        5⤵
        Program crash
        
        PID:2000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 220
        6⤵
        Program crash
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22263.exe
        11⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 220
        12⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 220
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24236.exe
        7⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
        11⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        12⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
        12⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
        9⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
        8⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3385.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        8⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
        9⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37738.exe
        11⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        11⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        10⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        9⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
        8⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 216
        7⤵
        Program crash
        
        PID:3820
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        6⤵
        Program crash
        
        PID:1236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        5⤵
        Program crash
        
        PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48746.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45617.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        10⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58355.exe
        11⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
        12⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 236
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        8⤵
        Program crash
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        7⤵
        Program crash
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21667.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        7⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 240
        8⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
        7⤵
        
        PID:4652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        6⤵
        Program crash
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe
        6⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        8⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        10⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48511.exe
        11⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        12⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        11⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
        9⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
        7⤵
        Program crash
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        6⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        8⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        8⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        7⤵
        
        PID:6112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        6⤵
        Program crash
        
        PID:3824
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        5⤵
        Program crash
        
        PID:1528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        6⤵
        Executes dropped EXE
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60822.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
        10⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        12⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
        13⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
        12⤵
        
        PID:11016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        10⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        9⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        8⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53583.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9299.exe
        10⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        11⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        10⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        7⤵
        Program crash
        
        PID:4024
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
        6⤵
        Program crash
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10806.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        9⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
        11⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
        12⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
        13⤵
        
        PID:11120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
        13⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        12⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        11⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4216.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        11⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48859.exe
        12⤵
        
        PID:11164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 236
        12⤵
        
        PID:12084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
        11⤵
        
        PID:11112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        10⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
        9⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        10⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        11⤵
        
        PID:10236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 240
        12⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 220
        9⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        7⤵
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 220
        8⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        7⤵
        
        PID:4756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        6⤵
        Program crash
        
        PID:2540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        5⤵
        Program crash
        
        PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21544.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        11⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
        12⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56866.exe
        13⤵
        
        PID:12200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 236
        13⤵
        
        PID:12092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        12⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 216
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        9⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
        10⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        11⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        12⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 220
        11⤵
        
        PID:10356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
        10⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        9⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 220
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40485.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        10⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49554.exe
        11⤵
        
        PID:9964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        12⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
        11⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        10⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
        7⤵
        Program crash
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52789.exe
        9⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        10⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44863.exe
        11⤵
        
        PID:11236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
        11⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        10⤵
        
        PID:9260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        9⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
        8⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
        7⤵
        Program crash
        
        PID:3608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        6⤵
        Program crash
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49701.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56354.exe
        7⤵
        
        PID:716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 220
        8⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-199.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
        9⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16363.exe
        10⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34547.exe
        11⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
        10⤵
        
        PID:10432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        9⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        8⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        7⤵
        
        PID:4956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        8⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60581.exe
        9⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        10⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44474.exe
        11⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
        11⤵
        
        PID:12232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
        10⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
        9⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
        8⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        7⤵
        
        PID:4940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        Program crash
        
        PID:3232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        5⤵
        Program crash
        
        PID:1480
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        7⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        10⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
        11⤵
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
        12⤵
        
        PID:10268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 236
        12⤵
        
        PID:10576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 236
        11⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 216
        9⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
        8⤵
        Program crash
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17128.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        10⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41874.exe
        11⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 236
        11⤵
        
        PID:10652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 236
        10⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        8⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        9⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        10⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        11⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 236
        11⤵
        
        PID:11456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 236
        10⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        9⤵
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        8⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        7⤵
        
        PID:4628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        6⤵
        Program crash
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62145.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        9⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
        10⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
        11⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 236
        11⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        10⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
        9⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        8⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        6⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50573.exe
        7⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        8⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        9⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
        10⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        9⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
        8⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
        7⤵
        
        PID:5804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        6⤵
        Program crash
        
        PID:4076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        5⤵
        Program crash
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19214.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30371.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43303.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        10⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
        12⤵
        
        PID:11396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 220
        11⤵
        
        PID:11096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        10⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        9⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31435.exe
        8⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38791.exe
        9⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        10⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        11⤵
        
        PID:12260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 236
        11⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        10⤵
        
        PID:10412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        9⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        8⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        7⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16557.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5350.exe
        9⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46373.exe
        10⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
        11⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
        11⤵
        
        PID:11360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
        10⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
        9⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        8⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        7⤵
        
        PID:4892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        6⤵
        Program crash
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        7⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
        8⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        9⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36923.exe
        10⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31599.exe
        11⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
        11⤵
        
        PID:11716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        10⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        9⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        8⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        7⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        6⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        7⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        8⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44183.exe
        9⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61391.exe
        10⤵
        
        PID:10780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 236
        10⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
        9⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        8⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        7⤵
        
        PID:6864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
        6⤵
        
        PID:4576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 220
        5⤵
        Program crash
        
        PID:2252
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
      4⤵
      Program crash
      PID:2408
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2808
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
  2⤵
  - Program crash
  PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10939.exe

Filesize
184KB

MD5
b6e8e30a20c0bde47a7750e444a0ea55

SHA1
48084fb15dbf88e9c1487120cb22d527144d46e6

SHA256
3addb6c7c2835764f48add53530ba8a4c3ca966f14ecca7a22a7b732e1cf5454

SHA512
2326e85582ecd96f77faf311c7a00bc4857a7c716a37f65f5876567ab82e6322df5ece705374a6f8c45af6aeb67be80ab27b64bd107e051112682b771082928e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17360.exe

Filesize
184KB

MD5
3217a89b53f700378fa9f447b2a5a48e

SHA1
5fd40073fa44a2a2179241557a9a60e5574a3279

SHA256
8eb960d5778c27662a48a66f6b770046d4354ce394ce007d56615d4e0309ce56

SHA512
086f706af2b0900e9503caa59c7bd650251e1e628474c4ed4dd8079c4a963727e109e66a29d69fdaddfe5d5fb4fa00634919c0ef7d2323e5632bde5c50dd6a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40737.exe

Filesize
184KB

MD5
327186275c3d084f8eae6cea32f12788

SHA1
f0d32b615a1f8c360583ee9d9c32accd108ea834

SHA256
dbe780180e5cd254fe23f8adc33566d7a1a401b546249708524a5d364eed12d8

SHA512
81fd984d13460d7183a9e49a5a779265eb58c2b42f1beea151ed73d1a94e7ad12bd467d94e04b454c4b57a84030058617a4514b2c389a64d5e562cf38af7e5cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41533.exe

Filesize
184KB

MD5
2501502fc24312ba6385b50cbd6526da

SHA1
7fd4c18b665a872f407cacfd4f4a097a32cd948e

SHA256
da0d77277a3f20c52009ebfe0fbadb147cd56ac74c33e2ec7b762bcf187d60ef

SHA512
55e271fed28b8df38560347ac3efceeb7088b4ddd38673f5744af887c7afc383562ed05c50771dbea547c453c027b503219426050c4adcca2ca9b6329789e496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe

Filesize
184KB

MD5
f863611d5dc336210814c1ba9c21c4c6

SHA1
2d4203eccb54251f34401831fceb9a03b4039ba3

SHA256
98add548e63082e773624c5bf1d975884f9959f42a8f594fe0b65050fb803952

SHA512
672c3c137a0a0b321915628de17385769a6c086e4357278210ca6750d68b66bcd836594faf1689b071c55e5c55ef380300d3ae2443281d839f5f85014cec3fb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6056.exe

Filesize
184KB

MD5
bbb4e21447cfb7191d3dd5597c7b2a83

SHA1
7237f097a8d9cc073d0aa18e7ea7a8b78e2ba0e2

SHA256
264b3ad15836f8577a2a2ce0cda2b3b95a9f0cb3071427d84093e450ec9284df

SHA512
3053c3bc33159740b7dae6b25fc5cb3246431e63f99b23d91206f69e03d7b777f30309914485db5c5bc480ba971b53cf82f9db8f6c55e0ef504c29c61dbe9c4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe

Filesize
184KB

MD5
f0fe5e8eb0d872460e82085bb0841c87

SHA1
111affd2d1642bbc78623a45bb94a6b36e34e3b5

SHA256
b0bf64cffe7ef6729963b60e5c2b4866266882d34fa9ba8992368ea828e6bcdb

SHA512
dbc3e5f407b0f469b29d18dfe10d7d48a1cd262e69ae38db1e99cf501470e144e09c887af6ef8288a7aa88216ac2aa2bc5616030a3f296cfaec8723cc98d6071

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11605.exe

Filesize
184KB

MD5
6e8077cb2aaeb1f3d11735cfc95b3f46

SHA1
fd83d327504a3b3869d56d73cfc8da683e9a6601

SHA256
f955037d13c512b5e3c5a2445f23483f8ec58141729a788391a9ac5773b22b64

SHA512
0cbbe6875f8872331d463278ffcec91cbbccd68c5c9d2826cec5851a2f2f542359fa0c068c6c75fd4baa2d992a98cd28684d3993b82157e626f1b8fe877a6d26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe

Filesize
184KB

MD5
bebc28914f658c64da70213155b1d0c5

SHA1
e4c89c238bdfbd37fb520c6c01d59f64eb89f653

SHA256
b70d0308a1d90ed408a4130d7446a9beb40a4d42164aeb969eb06873e3b1b5c2

SHA512
1ec92e2f0e39372c7ee82ccb9e61f7d87a5b2e3264405d54b12a87eef1a3f0696fdf628e8fa01075eba04a2ae5a9bba64e89f58f1b1a86584df22954af1fd255

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe

Filesize
184KB

MD5
e228bd6adc417ef9a870ad03c1f4dc9d

SHA1
684e649bedb28dac240a57a40f85c5a12bac3f81

SHA256
7be9d94e04df0dfae7119b296f553cd1c3e2670f45edc64ad8b54a958c7d28b4

SHA512
14464f10c122acfae66f6dd8355bd135b7d8e4f68742ef694482c3392b927b198e1a96e339ad6bb3b62d3f0464ee070cfc4f20d92d21dd786b198d7e73184b70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37226.exe

Filesize
184KB

MD5
1b40f51840cc7358c1f78ce5c5fb9dc4

SHA1
f241bf3bc691562f33282a35ef573aa4ab3615be

SHA256
a9f1861c7db7c99b185a0fa8b1c3f04a7094e306e6e0c856cda880ee40706db1

SHA512
cc776ded1cd14a2088d9acf9a556e4ea5a504feeff24296c89974d66e213eb716cf3b88e99aaeffff72371c670f70617cf6ae52c27a577f5fe8574ce0f051a1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37890.exe

Filesize
184KB

MD5
0fcef08bcdfbc75627f157e0317f364a

SHA1
ce34419f92c49b2b9262fd411c9b727abe2fa9ae

SHA256
86ab9ace3f788ec50e89e8100b9f64c3f8e46809a28d49847a21e68aeb580125

SHA512
4b5277f8482fd1fbc22ecd6b3d73a23965bc013af21e358b22a2344b78cc047bbb3eb9645a786dfdb44ad6680cabb21ac1603954b2e7e7e1ea47c8b4e1d51850

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41310.exe

Filesize
184KB

MD5
0265586d64ee85dfca33384a16850041

SHA1
0af1544a98ffa3892efed85e501b86f39efdbc32

SHA256
ba66482c8a128a4242090cc45786ac91c5e9dbdfbf904b4e385713ff53327a53

SHA512
4559f7547e1fff6f617d2f8e6234edff23342dd35eeae5af3c4750c02ebe65cb85e5bc08a1e5ee5b723789d09a9f30cd91706ea3882a5e469d12be643b9cd7dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe

Filesize
184KB

MD5
9eeca03d9c60f0e256357cff4308ee0f

SHA1
9fa7c4528ee9869662cb6ab776911665fd5af523

SHA256
6b52b8706be65bbd3a21c938f4d202c1ca0d4b60210b4b45c2b4a37371efaa34

SHA512
fb2da8797af5188e1b5f2c8c6a9c58040633c52053f08182c277161200c144ece6fb750aec9ab1a6634415afffe1af36dcf21e73e1c5411cb22a9412ebf067a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe

Filesize
184KB

MD5
7808fa7b67e718b57d6b4f08e8f015ed

SHA1
0c42b5dda85df596c771bf1dd666262dfbcb51ad

SHA256
cf77b86740574f10cf2d04b21a38e4342f81d914afaa3ba9d885929517597b7f

SHA512
cbe6f00ac9996041ca65b9cf3a650c2ca168c03ae57c50b50fc40da8d33e6e0908b99d00113a17ff59153c6daac7b1619f0a53cebf3c1d5e77ab0afcc04e196b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55056.exe

Filesize
184KB

MD5
d9e3be075debeeba281003a918960ef0

SHA1
e058147b7e669388fa00af9a7307c0e99e5e0826

SHA256
96b98981789c9d44fcd8272be5bb6c845d019f808866396dbbdd4b8161cafa80

SHA512
3d8f729470d53b312bdbc25a920f8fb119609c3d5de02665dfc97d0e063c3134cf1319d664160832284d0417eb530eb242c50f38a5fcb8a260db51c166423c72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe

Filesize
184KB

MD5
9607eaebbcdd3de256472b7664514540

SHA1
afd73e1d1d6e84ac693ad97ae36bc98c75952748

SHA256
b593269bc611691f3c644a437503a7995e74ad41a88dca23494d188c0bd5c8a9

SHA512
84c3dc4dd5ad4994b0c8c4881bc9be002161f8d733b97077e486da0581296cb8c37fb4b73fbab1f7ebbddeb962d96fb1efa4136c6c1d230c6ec16468b34db0f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe

Filesize
184KB

MD5
829d886257a98d187a2577b844b0893c

SHA1
0a7a1b0a95f76c90465d755ef2379b6ad025269a

SHA256
d6cc9c23a98255aab27e1a1fd6e8cce157f0e37518c0f650af2871b61311d2bb

SHA512
3582f8831c6bd8b104c5b9b595b257b0f6ea3ac6fb7bb952c04b060c89818baf9aeadeb2516ed10c2e36e94fed5027e37b8a6085213a3c643ad6685d4cb55268

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads