e6b7e5e3380a2f1377588d8426e808fdc591ec280cbb70340168ef20505f17c0

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 23:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
Size

184KB
MD5

5ab9ba44cc3704b7af9dac47949258f0
SHA1

1f5c58be0c42a311e59481a851b45a4fbde02843
SHA256

e6b7e5e3380a2f1377588d8426e808fdc591ec280cbb70340168ef20505f17c0
SHA512

7fcb3049ecb9ae2db4389e2dc4a2dbc703fa233d3db3a8b4af057f358d515235f8123bcc963a015b924dae9d0a2b601224ab58634debc64f6ff958e15c9744a8
SSDEEP

3072:YhDIGgoC299MdR4o/MJLpLJ/IKpA7012g+Jlq58OUhPplnVOF7:YhCoh4R4dLpJ/INfRxplnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2248	Unicorn-2179.exe
2280	Unicorn-59631.exe
2688	Unicorn-9039.exe
2660	Unicorn-2153.exe
2484	Unicorn-28796.exe
2644	Unicorn-8930.exe
2800	Unicorn-46284.exe
940	Unicorn-61229.exe
1928	Unicorn-58536.exe
2448	Unicorn-3860.exe
2192	Unicorn-23726.exe
2852	Unicorn-3544.exe
2912	Unicorn-54691.exe
1504	Unicorn-4099.exe
480	Unicorn-62859.exe
1248	Unicorn-12267.exe
1664	Unicorn-58775.exe
1920	Unicorn-6066.exe
844	Unicorn-8183.exe
2436	Unicorn-30270.exe
1964	Unicorn-35977.exe
764	Unicorn-55350.exe
1092	Unicorn-2065.exe
296	Unicorn-21094.exe
2324	Unicorn-10233.exe
1788	Unicorn-17010.exe
1132	Unicorn-49128.exe
320	Unicorn-49128.exe
2284	Unicorn-64073.exe
1776	Unicorn-25178.exe
1936	Unicorn-45044.exe
2936	Unicorn-17032.exe
2672	Unicorn-58619.exe
2380	Unicorn-12947.exe
2472	Unicorn-29860.exe
2236	Unicorn-44805.exe
2432	Unicorn-42112.exe
3000	Unicorn-57057.exe
2648	Unicorn-18162.exe
1644	Unicorn-19554.exe
1944	Unicorn-5355.exe
956	Unicorn-5355.exe
1656	Unicorn-63279.exe
2792	Unicorn-17608.exe
2808	Unicorn-32552.exe
852	Unicorn-52418.exe
1392	Unicorn-13523.exe
1456	Unicorn-13523.exe
2864	Unicorn-28468.exe
2012	Unicorn-48334.exe
1220	Unicorn-5718.exe
664	Unicorn-40249.exe
2856	Unicorn-63362.exe
328	Unicorn-7576.exe
3012	Unicorn-19829.exe
2144	Unicorn-26605.exe
2392	Unicorn-23913.exe
1616	Unicorn-36165.exe
1624	Unicorn-1354.exe
2692	Unicorn-5246.exe
2812	Unicorn-48780.exe
2468	Unicorn-9885.exe
2528	Unicorn-64561.exe
2212	Unicorn-22329.exe

Loads dropped DLL 64 IoCs

pid	Process
2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
2248	Unicorn-2179.exe
2248	Unicorn-2179.exe
2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
2280	Unicorn-59631.exe
2280	Unicorn-59631.exe
2248	Unicorn-2179.exe
2248	Unicorn-2179.exe
2688	Unicorn-9039.exe
2688	Unicorn-9039.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2176	WerFault.exe
2660	Unicorn-2153.exe
2660	Unicorn-2153.exe
2280	Unicorn-59631.exe
2280	Unicorn-59631.exe
2644	Unicorn-8930.exe
2644	Unicorn-8930.exe
2484	Unicorn-28796.exe
2688	Unicorn-9039.exe
2484	Unicorn-28796.exe
2688	Unicorn-9039.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
2004	WerFault.exe
1544	WerFault.exe
940	Unicorn-61229.exe
940	Unicorn-61229.exe
2800	Unicorn-46284.exe
2800	Unicorn-46284.exe
2660	Unicorn-2153.exe
2660	Unicorn-2153.exe
1928	Unicorn-58536.exe
1928	Unicorn-58536.exe
2644	Unicorn-8930.exe
2644	Unicorn-8930.exe
2192	Unicorn-23726.exe
2192	Unicorn-23726.exe
2484	Unicorn-28796.exe
2484	Unicorn-28796.exe
2448	Unicorn-3860.exe
2448	Unicorn-3860.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1780	WerFault.exe
1096	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2148	2244	WerFault.exe	27
2176	2248	WerFault.exe	28
2004	2280	WerFault.exe	29
1544	2688	WerFault.exe	30
1060	2660	WerFault.exe	32
1780	2644	WerFault.exe	33
1096	2484	WerFault.exe	34
2408	940	WerFault.exe	37
2000	2800	WerFault.exe	36
820	1928	WerFault.exe	38
2676	2192	WerFault.exe	39
2584	2448	WerFault.exe	40
1520	2852	WerFault.exe	43
2964	1504	WerFault.exe	45
1168	2912	WerFault.exe	44
1828	480	WerFault.exe	46
1568	1248	WerFault.exe	47
2128	844	WerFault.exe	49
1908	1920	WerFault.exe	50
912	1664	WerFault.exe	48
1972	1556	WerFault.exe	124
2620	2528	WerFault.exe	110
2732	1964	WerFault.exe	55
2080	2436	WerFault.exe	54
2984	764	WerFault.exe	56
3056	1092	WerFault.exe	57
2360	296	WerFault.exe	58
2816	2324	WerFault.exe	59
2460	1788	WerFault.exe	60
2456	320	WerFault.exe	61
2052	1132	WerFault.exe	62
2916	2284	WerFault.exe	63
684	1936	WerFault.exe	65
3016	2936	WerFault.exe	69
3084	2672	WerFault.exe	72
3108	2380	WerFault.exe	71
3220	2648	WerFault.exe	78
3200	3000	WerFault.exe	77
3236	1644	WerFault.exe	79
3208	2472	WerFault.exe	74
3404	2236	WerFault.exe	75
3432	1944	WerFault.exe	80
3448	2012	WerFault.exe	89
3472	852	WerFault.exe	85
3480	1456	WerFault.exe	86
3544	1220	WerFault.exe	90
3536	2792	WerFault.exe	83
3528	956	WerFault.exe	81
3560	1392	WerFault.exe	87
3576	2864	WerFault.exe	88
3616	1656	WerFault.exe	82
3624	2808	WerFault.exe	84
3744	716	WerFault.exe	144
3820	664	WerFault.exe	94
3928	2856	WerFault.exe	95
3692	1624	WerFault.exe	105
3932	2392	WerFault.exe	104
3996	1616	WerFault.exe	106
4156	1532	WerFault.exe	116
4164	2784	WerFault.exe	114
4180	876	WerFault.exe	115
4232	2432	WerFault.exe	76
4248	1640	WerFault.exe	122
4312	1776	WerFault.exe	64

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
2248	Unicorn-2179.exe
2280	Unicorn-59631.exe
2688	Unicorn-9039.exe
2660	Unicorn-2153.exe
2644	Unicorn-8930.exe
2484	Unicorn-28796.exe
940	Unicorn-61229.exe
2800	Unicorn-46284.exe
1928	Unicorn-58536.exe
2192	Unicorn-23726.exe
2448	Unicorn-3860.exe
2852	Unicorn-3544.exe
2912	Unicorn-54691.exe
1504	Unicorn-4099.exe
1248	Unicorn-12267.exe
480	Unicorn-62859.exe
1664	Unicorn-58775.exe
1920	Unicorn-6066.exe
844	Unicorn-8183.exe
2436	Unicorn-30270.exe
1964	Unicorn-35977.exe
764	Unicorn-55350.exe
1092	Unicorn-2065.exe
296	Unicorn-21094.exe
2324	Unicorn-10233.exe
1788	Unicorn-17010.exe
1132	Unicorn-49128.exe
320	Unicorn-49128.exe
1776	Unicorn-25178.exe
2284	Unicorn-64073.exe
1936	Unicorn-45044.exe
2936	Unicorn-17032.exe
2672	Unicorn-58619.exe
2380	Unicorn-12947.exe
2472	Unicorn-29860.exe
2236	Unicorn-44805.exe
2432	Unicorn-42112.exe
3000	Unicorn-57057.exe
2648	Unicorn-18162.exe
1644	Unicorn-19554.exe
956	Unicorn-5355.exe
1944	Unicorn-5355.exe
2808	Unicorn-32552.exe
1656	Unicorn-63279.exe
2792	Unicorn-17608.exe
852	Unicorn-52418.exe
1456	Unicorn-13523.exe
2864	Unicorn-28468.exe
1392	Unicorn-13523.exe
2012	Unicorn-48334.exe
1220	Unicorn-5718.exe
664	Unicorn-40249.exe
2856	Unicorn-63362.exe
328	Unicorn-7576.exe
3012	Unicorn-19829.exe
2144	Unicorn-26605.exe
2392	Unicorn-23913.exe
1616	Unicorn-36165.exe
1624	Unicorn-1354.exe
2692	Unicorn-5246.exe
2468	Unicorn-9885.exe
2812	Unicorn-48780.exe
2528	Unicorn-64561.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2248	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2248	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2248	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	28
PID 2244 wrote to memory of 2248	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	28
PID 2248 wrote to memory of 2280	2248	Unicorn-2179.exe	29
PID 2248 wrote to memory of 2280	2248	Unicorn-2179.exe	29
PID 2248 wrote to memory of 2280	2248	Unicorn-2179.exe	29
PID 2248 wrote to memory of 2280	2248	Unicorn-2179.exe	29
PID 2244 wrote to memory of 2688	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2688	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2688	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2688	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	30
PID 2244 wrote to memory of 2148	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2148	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2148	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	31
PID 2244 wrote to memory of 2148	2244	5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe	31
PID 2280 wrote to memory of 2660	2280	Unicorn-59631.exe	32
PID 2280 wrote to memory of 2660	2280	Unicorn-59631.exe	32
PID 2280 wrote to memory of 2660	2280	Unicorn-59631.exe	32
PID 2280 wrote to memory of 2660	2280	Unicorn-59631.exe	32
PID 2248 wrote to memory of 2644	2248	Unicorn-2179.exe	33
PID 2248 wrote to memory of 2644	2248	Unicorn-2179.exe	33
PID 2248 wrote to memory of 2644	2248	Unicorn-2179.exe	33
PID 2248 wrote to memory of 2644	2248	Unicorn-2179.exe	33
PID 2688 wrote to memory of 2484	2688	Unicorn-9039.exe	34
PID 2688 wrote to memory of 2484	2688	Unicorn-9039.exe	34
PID 2688 wrote to memory of 2484	2688	Unicorn-9039.exe	34
PID 2688 wrote to memory of 2484	2688	Unicorn-9039.exe	34
PID 2248 wrote to memory of 2176	2248	Unicorn-2179.exe	35
PID 2248 wrote to memory of 2176	2248	Unicorn-2179.exe	35
PID 2248 wrote to memory of 2176	2248	Unicorn-2179.exe	35
PID 2248 wrote to memory of 2176	2248	Unicorn-2179.exe	35
PID 2660 wrote to memory of 2800	2660	Unicorn-2153.exe	36
PID 2660 wrote to memory of 2800	2660	Unicorn-2153.exe	36
PID 2660 wrote to memory of 2800	2660	Unicorn-2153.exe	36
PID 2660 wrote to memory of 2800	2660	Unicorn-2153.exe	36
PID 2280 wrote to memory of 940	2280	Unicorn-59631.exe	37
PID 2280 wrote to memory of 940	2280	Unicorn-59631.exe	37
PID 2280 wrote to memory of 940	2280	Unicorn-59631.exe	37
PID 2280 wrote to memory of 940	2280	Unicorn-59631.exe	37
PID 2644 wrote to memory of 1928	2644	Unicorn-8930.exe	38
PID 2644 wrote to memory of 1928	2644	Unicorn-8930.exe	38
PID 2644 wrote to memory of 1928	2644	Unicorn-8930.exe	38
PID 2644 wrote to memory of 1928	2644	Unicorn-8930.exe	38
PID 2484 wrote to memory of 2192	2484	Unicorn-28796.exe	39
PID 2484 wrote to memory of 2192	2484	Unicorn-28796.exe	39
PID 2484 wrote to memory of 2192	2484	Unicorn-28796.exe	39
PID 2484 wrote to memory of 2192	2484	Unicorn-28796.exe	39
PID 2688 wrote to memory of 2448	2688	Unicorn-9039.exe	40
PID 2688 wrote to memory of 2448	2688	Unicorn-9039.exe	40
PID 2688 wrote to memory of 2448	2688	Unicorn-9039.exe	40
PID 2688 wrote to memory of 2448	2688	Unicorn-9039.exe	40
PID 2280 wrote to memory of 2004	2280	Unicorn-59631.exe	41
PID 2280 wrote to memory of 2004	2280	Unicorn-59631.exe	41
PID 2280 wrote to memory of 2004	2280	Unicorn-59631.exe	41
PID 2280 wrote to memory of 2004	2280	Unicorn-59631.exe	41
PID 2688 wrote to memory of 1544	2688	Unicorn-9039.exe	42
PID 2688 wrote to memory of 1544	2688	Unicorn-9039.exe	42
PID 2688 wrote to memory of 1544	2688	Unicorn-9039.exe	42
PID 2688 wrote to memory of 1544	2688	Unicorn-9039.exe	42
PID 940 wrote to memory of 2852	940	Unicorn-61229.exe	43
PID 940 wrote to memory of 2852	940	Unicorn-61229.exe	43
PID 940 wrote to memory of 2852	940	Unicorn-61229.exe	43
PID 940 wrote to memory of 2852	940	Unicorn-61229.exe	43

C:\Users\Admin\AppData\Local\Temp\5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\5ab9ba44cc3704b7af9dac47949258f0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32669.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        11⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65394.exe
        12⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
        13⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        14⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
        14⤵
        
        PID:12480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        13⤵
        
        PID:9684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
        12⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
        10⤵
        Program crash
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41243.exe
        10⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64351.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
        12⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        13⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14689.exe
        14⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
        14⤵
        
        PID:13936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        13⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        12⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        11⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        10⤵
        
        PID:5064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 220
        9⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30553.exe
        10⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
        11⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48586.exe
        12⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61596.exe
        13⤵
        
        PID:10868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53750.exe
        14⤵
        
        PID:12852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
        14⤵
        
        PID:13496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 220
        13⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 220
        12⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        11⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        10⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        10⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42364.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        12⤵
        
        PID:10708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        13⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
        13⤵
        
        PID:13392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        9⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        8⤵
        Program crash
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44805.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30602.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31129.exe
        10⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17564.exe
        11⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        12⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
        13⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        14⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 236
        13⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
        12⤵
        
        PID:980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        11⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
        10⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        11⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        12⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        13⤵
        
        PID:13036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 216
        13⤵
        
        PID:13052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        12⤵
        
        PID:10736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
        10⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50148.exe
        11⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61513.exe
        12⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        13⤵
        
        PID:13016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 216
        13⤵
        
        PID:14100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        12⤵
        
        PID:11560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        11⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
        10⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        9⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        8⤵
        Program crash
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        7⤵
        Program crash
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5246.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52392.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        10⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49162.exe
        12⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        13⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        13⤵
        
        PID:12124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        11⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        10⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        9⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        10⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49956.exe
        11⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
        12⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        13⤵
        
        PID:13180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
        13⤵
        
        PID:13328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
        12⤵
        
        PID:11232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49167.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        11⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51290.exe
        12⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        13⤵
        
        PID:13188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
        13⤵
        
        PID:13660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
        12⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        11⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        9⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        8⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9885.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7467.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28415.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
        11⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-143.exe
        12⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
        13⤵
        
        PID:13368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 236
        13⤵
        
        PID:13724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 220
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        10⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        11⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        12⤵
        
        PID:13152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
        12⤵
        
        PID:13232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        11⤵
        
        PID:10360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 236
        10⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        8⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
        7⤵
        Program crash
        
        PID:2360
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
        6⤵
        Program crash
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42112.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64561.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 200
        9⤵
        Program crash
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        8⤵
        Program crash
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
        7⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        12⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        13⤵
        
        PID:13384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:12308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        11⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        11⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        12⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 204
        12⤵
        
        PID:13980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        11⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        9⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        7⤵
        Program crash
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57057.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
        11⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45125.exe
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 236
        12⤵
        
        PID:12536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        11⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        9⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        Program crash
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        11⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        12⤵
        
        PID:13084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        11⤵
        
        PID:10864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
        9⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 220
        7⤵
        Program crash
        
        PID:3200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        6⤵
        Program crash
        
        PID:2964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19829.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        10⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26971.exe
        11⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
        12⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29007.exe
        13⤵
        
        PID:10536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        14⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
        13⤵
        
        PID:12060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        10⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        9⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        11⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        12⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        13⤵
        
        PID:13144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
        13⤵
        
        PID:13320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        12⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        9⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59169.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51165.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
        12⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        13⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11156 -s 216
        13⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 220
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 220
        11⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        8⤵
        Program crash
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41209.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23978.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        12⤵
        
        PID:11092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        13⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 236
        12⤵
        
        PID:12372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        11⤵
        
        PID:9584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        9⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
        10⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45369.exe
        11⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 208
        12⤵
        
        PID:13004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        11⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        10⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
        9⤵
        
        PID:6760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        8⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        7⤵
        Program crash
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        8⤵
        
        PID:716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 372
        9⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        8⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        10⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
        11⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        12⤵
        
        PID:12976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
        12⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
        11⤵
        
        PID:10328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
        10⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
        9⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        8⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        7⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61471.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46069.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
        10⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        11⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        12⤵
        
        PID:12700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
        12⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 236
        10⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        9⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 236
        8⤵
        
        PID:4672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
        7⤵
        Program crash
        
        PID:3084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
        6⤵
        Program crash
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
        9⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
        10⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        12⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2992.exe
        13⤵
        
        PID:9272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
        14⤵
        
        PID:13136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
        14⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        13⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
        12⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
        10⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60563.exe
        11⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        12⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        13⤵
        
        PID:13064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
        13⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
        12⤵
        
        PID:10388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        10⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        9⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        11⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
        12⤵
        
        PID:10548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        12⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        11⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
        8⤵
        Program crash
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27757.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24139.exe
        8⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26168.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20626.exe
        10⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
        11⤵
        
        PID:8892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        12⤵
        
        PID:11528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 236
        12⤵
        
        PID:12572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
        11⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        9⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45130.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        10⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37455.exe
        11⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        12⤵
        
        PID:12816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
        12⤵
        
        PID:12696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        11⤵
        
        PID:10664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 236
        10⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11533.exe
        9⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        10⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
        11⤵
        
        PID:12872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 216
        11⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 236
        10⤵
        
        PID:10684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 220
        9⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        8⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
        7⤵
        Program crash
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63362.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        10⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        11⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        12⤵
        
        PID:13376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        11⤵
        
        PID:11484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 220
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        8⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
        6⤵
        Program crash
        
        PID:2732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        5⤵
        Program crash
        
        PID:2408
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        8⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59333.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
        10⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        11⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        12⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
        13⤵
        
        PID:12776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
        12⤵
        
        PID:10624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
        11⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        10⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 236
        9⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
        8⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        7⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
        7⤵
        Program crash
        
        PID:3220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
        6⤵
        Program crash
        
        PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        9⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
        10⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19905.exe
        11⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        12⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
        12⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
        11⤵
        
        PID:11208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
        10⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 216
        8⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        9⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
        10⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16854.exe
        11⤵
        
        PID:13076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
        11⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        10⤵
        
        PID:10956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        9⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        8⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
        9⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19111.exe
        10⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        11⤵
        
        PID:13168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 204
        11⤵
        
        PID:14160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        10⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        9⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        8⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        7⤵
        Program crash
        
        PID:4164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
        5⤵
        Program crash
        
        PID:820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12267.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        9⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58124.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        11⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41031.exe
        12⤵
        
        PID:13048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10376 -s 220
        12⤵
        
        PID:14140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10544.exe
        7⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        10⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        11⤵
        
        PID:10352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        12⤵
        
        PID:14200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 236
        12⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
        11⤵
        
        PID:11428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
        9⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 220
        7⤵
        Program crash
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63746.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52776.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
        9⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44409.exe
        11⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35473.exe
        12⤵
        
        PID:12880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
        12⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        11⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        10⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52462.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        9⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
        10⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
        11⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        10⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        9⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        8⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        9⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        10⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        11⤵
        
        PID:12796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 204
        11⤵
        
        PID:13948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        10⤵
        
        PID:11820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        9⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        8⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        7⤵
        Program crash
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        7⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7366.exe
        9⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
        10⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        11⤵
        
        PID:10892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        12⤵
        
        PID:14232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 236
        11⤵
        
        PID:12300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        10⤵
        
        PID:9420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
        8⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6987.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
        8⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
        10⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
        11⤵
        
        PID:13688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
        11⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 220
        10⤵
        
        PID:12180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        9⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        8⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 220
        7⤵
        
        PID:5072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        6⤵
        Program crash
        
        PID:3616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
        5⤵
        Program crash
        
        PID:1568
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23721.exe
        8⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        9⤵
        
        PID:1444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
        10⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        10⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        12⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        13⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
        13⤵
        
        PID:13924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 220
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        11⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        9⤵
        Program crash
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28799.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14159.exe
        11⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        12⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57938.exe
        13⤵
        
        PID:7476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 220
        13⤵
        
        PID:14072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        12⤵
        
        PID:11116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        9⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
        11⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21851.exe
        12⤵
        
        PID:10220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        13⤵
        
        PID:12988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10220 -s 220
        13⤵
        
        PID:13044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        12⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        10⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55675.exe
        11⤵
        
        PID:10344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
        12⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 204
        12⤵
        
        PID:14172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 220
        11⤵
        
        PID:11444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        8⤵
        Program crash
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        7⤵
        Program crash
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44608.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        11⤵
        
        PID:10180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        12⤵
        
        PID:12932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
        12⤵
        
        PID:12896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:10972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24881.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49681.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
        11⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
        12⤵
        
        PID:13224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
        12⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        11⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20658.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        10⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        11⤵
        
        PID:10304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        12⤵
        
        PID:12784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 204
        12⤵
        
        PID:13956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 220
        11⤵
        
        PID:11404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 220
        7⤵
        Program crash
        
        PID:3544
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
        6⤵
        Program crash
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46453.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        11⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        12⤵
        
        PID:12848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 220
        12⤵
        
        PID:14276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
        11⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 236
        10⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        8⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        7⤵
        Program crash
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33019.exe
        6⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 188
        7⤵
        Program crash
        
        PID:1972
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
        6⤵
        Program crash
        
        PID:4312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        5⤵
        Program crash
        
        PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8183.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58998.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        10⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
        11⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        12⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3999.exe
        13⤵
        
        PID:12588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
        13⤵
        
        PID:13916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        12⤵
        
        PID:11088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
        9⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
        9⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1331.exe
        10⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
        11⤵
        
        PID:11144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        12⤵
        
        PID:13732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
        12⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 220
        11⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 220
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        8⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54907.exe
        10⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        11⤵
        
        PID:13100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
        11⤵
        
        PID:13408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        10⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 236
        9⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        8⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        7⤵
        Program crash
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
        6⤵
        Program crash
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        9⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 224
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27189.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
        9⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        10⤵
        
        PID:9908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
        11⤵
        
        PID:12672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
        11⤵
        
        PID:13208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        10⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        9⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        8⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        9⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
        10⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        11⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10676 -s 216
        11⤵
        
        PID:14260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
        10⤵
        
        PID:11844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        9⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        8⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        7⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47301.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        7⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        8⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56671.exe
        9⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16781.exe
        10⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
        11⤵
        
        PID:12856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 204
        11⤵
        
        PID:14004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 220
        10⤵
        
        PID:11420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        9⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        8⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        7⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35566.exe
        8⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        9⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 212
        10⤵
        
        PID:12680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        9⤵
        
        PID:11056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        8⤵
        
        PID:8584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
        7⤵
        
        PID:6288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Program crash
        
        PID:3576
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        5⤵
        Program crash
        
        PID:2128
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
        9⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        10⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        11⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        12⤵
        
        PID:13844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 220
        12⤵
        
        PID:13852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
        11⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        10⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
        8⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49439.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
        8⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9312.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        10⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        11⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        12⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 236
        11⤵
        
        PID:12168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        10⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        6⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
        10⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
        11⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        12⤵
        
        PID:12808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
        11⤵
        
        PID:10828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 236
        10⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        9⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        10⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        11⤵
        
        PID:12904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 204
        11⤵
        
        PID:12864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        10⤵
        
        PID:10948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 220
        9⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        9⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        10⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 216
        10⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        9⤵
        
        PID:9784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        8⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 220
        7⤵
        
        PID:5764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13990.exe
        6⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20801.exe
        7⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
        9⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39593.exe
        10⤵
        
        PID:10020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
        11⤵
        
        PID:12828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
        11⤵
        
        PID:13060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
        10⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        9⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
        8⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
        7⤵
        
        PID:4704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        6⤵
        Program crash
        
        PID:3624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        5⤵
        Program crash
        
        PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5363.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        8⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
        9⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        10⤵
        
        PID:12052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 236
        10⤵
        
        PID:12620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        9⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        8⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        7⤵
        
        PID:5596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 216
        6⤵
        Program crash
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59662.exe
        5⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9255.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26779.exe
        8⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
        9⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        10⤵
        
        PID:11064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        11⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 236
        10⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
        9⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        8⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        7⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        6⤵
        
        PID:3696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        6⤵
        
        PID:4400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 220
        5⤵
        Program crash
        
        PID:2916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
      4⤵
      Program crash
      PID:2584
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
  2⤵
  - Program crash
  PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe

Filesize
184KB

MD5
c5efe46ee2a7114aa6f466b34fc96b5b

SHA1
6be077085424955e57cd13917ccd382fdbf40b4e

SHA256
c7079289c9acbaa8ff695a2083984abcf7fa9ebe5884843920cef293c8fd4556

SHA512
4ac8c4aa5ffbeaca74173b8b65f2f5af1f817db0331029b654efa30782a3855c1b07d55e126e9ab9d70a79496a3cdae3d74406b02723aa172cb152c1ee7bca5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2153.exe

Filesize
184KB

MD5
0b02e18de8150fcce44a3eb54b1caf4f

SHA1
d96559396007d513ca9084cb05539df401993f07

SHA256
d2f7d2ad53bd1687716da29e11be217716d56a824da96c5eb2edc491947c2ff0

SHA512
b3353be34395e6efc2495d8451233659f6295837258edab1ecaa305520ec79a9bb82ede12f3747a29f9b71648c88a0b2d79e698e47d83e9398588dffb2511c65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe

Filesize
184KB

MD5
bbb088e459f27860636154b0f78283ec

SHA1
23d190d7f781afd5d35be2ce5e106ee016d9257b

SHA256
2ece91c6af4ff14ca447c0cf9ff56cd8ff837cab78368604f8027526d9262403

SHA512
994cfd9e7221359763cf943bbc7268ebfb17a9e53fea52896658c267a80227f956f672d5edca82bb132db87203da2178e8a51799dbf87d71b9744666fe9d7a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe

Filesize
184KB

MD5
fc5934ac7d366dc052a31c0d6f27d2ec

SHA1
bc33468c6d00cf7954078bced7e6716166069dbf

SHA256
0bd0263182f061dbaaa4a42ebacc1156d0e4a56b7842eee6cd92c4c3a528d8f9

SHA512
3dcb99ed68cbbc29de6bdbaf002b045e2e10d476469cb623ac3f111f6fa9a42a1afd5373c415b89c9ea735dc695a4f6ccdd6cb8dbdc69b9801e43ea73f5e710d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe

Filesize
184KB

MD5
8da47346740aafef94d583ff4b13f0b0

SHA1
1d0e56a192d9e45539319b380d62a5a2a56b95f8

SHA256
0a31ddf28c66ebdeb1807ae6b8c7ae4b6e44667acf748372a73333b4750adc83

SHA512
d5f2c52312b70021c3c0bb493ba54b4449044bbbe5b3fb26cd358c0a44a10faf2ae4f70d6af772d29324a03207ab7caa81bb68060ef09cdcbe3f027f608add4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe

Filesize
184KB

MD5
6cd3499fa72b80d7554c7a40dc6f82ae

SHA1
3f64fddfbe33bd1ac313ef0232c2902a125a31ea

SHA256
401915c66904eacabaa52cba355a18c33b9fc1ff8d0ba48eea2b7ec4424021eb

SHA512
78668edbb25442f16172548c37cce9c2d912236fc64a3cf79cf7c092cb0f91d7a37d80a6d37a1967683b5dbb15ce5bd7d8c92c72a29b216ec6ef0ca9743483cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46284.exe

Filesize
184KB

MD5
7ecb6feeb912496c96c7b9659b36e61d

SHA1
3d930eb1e68381b357db63d17f4c021823df4253

SHA256
66a7c61537c5723c1ec5cfbc31c2936d9b9e4a1363519a338cf74e886606cc7c

SHA512
e88a48a77f9bb0f02c0904bc650bf009ce3422101b4af5ea6a367d870adb38c35b9b3056bd41d77a46f53583126d17b1ec2646c9a08fafd63254e496c3af6e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe

Filesize
184KB

MD5
28fe0c96b99edaab98df254eb3a215b0

SHA1
032665a2065b27946f647997c5faeb1f6bcb25ef

SHA256
ea42715423c4613f1056b12e92890e2bb7c33629a90052f984f3baceda314098

SHA512
a9ac755239e9b7735fb4b580dc37fa178124150354194fa7cb391b19ce49fda9935079063999637e5e030ab6e29c6552036450609a571013e3359b727a778061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe

Filesize
184KB

MD5
0f82fca8b3e102753f64576cd6363599

SHA1
e6887c78334bd38575b5a07f0805ef4fde91eb8a

SHA256
301b3c4b4e41d65f10d934132dc77b3898d9531e10980b1e63476e37d5b58599

SHA512
83188b5fae96568f4828874b69aa2abfc656aa29fda17a12883859a619db8124323ef3331d3ae95050c39aff5bfd869a4b26b9c481ccf5860d6a1a2f0700f4ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe

Filesize
184KB

MD5
54396ec21373a51cf87f038bb75cae6c

SHA1
13c54eb3b409dfbd03f2b58840f6266e75127d2d

SHA256
04d39734b53399396b476f9645ec0cd59d2572a3dcb80b15146281d2e1dc312d

SHA512
a75a620c9dd3690999923a5171143946017c9483bcf02081714ce026558c421aa35e9aa7aa05364f4e4e5de2b423d7cf1fb15c5fa82a87f71fcd58082041cabc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe

Filesize
184KB

MD5
8c47070a8db47236f8ea9c1a77bea606

SHA1
abd7c9036c557fea5782fd3f120f6439f3f1502f

SHA256
9f3ceb02527feae25b3b10d87c9fc2177e8c12e0c75445f51d698004d9a9ae2b

SHA512
6506359c95586b0c30fd53be389dd1d547f59b78c32279b8dd993343cbf182b4d1effc250b34bfda9b6faf8f5883bc9d08abec0aaf59436d8bcfbd7b8bdd3881

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe

Filesize
184KB

MD5
127878c1a5a014b87323ff83938864df

SHA1
dd17c9fdd825c2236ea0da7f0d430fef840a96a7

SHA256
fa69f65d395786d1a2e1722886b397735ed1fbf36fe02bab8c78075a10f6dfaf

SHA512
cb26fc37e8b10abb0fc3a1cc882be73441a5b818759cd6413aa31d1ccbb8f07ec41be59a0a2c2efa261864d08b6f714dfa01bf07bcd96c01950afe023c39a625

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3544.exe

Filesize
184KB

MD5
6aa1dc8dc735a43e302faa7a0165a751

SHA1
4644a1ee6c4e8ff6154d2223621feca626db7bbc

SHA256
edb54d35ead09b69defde013bc5ab497e65fb346143ec3f05397a5f828c6c9ad

SHA512
a2d5aa913f3ce41d2822687b30f2c1fe1b57365a57b3269b993ab43b7f6ce3072cbce74ea25d1bbf85abcc6947439202c405f6936df129a398418e3ebaaa28dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe

Filesize
184KB

MD5
fe460d9306abd43b2580ec8e175f3230

SHA1
b888eeed1e7d2dee5b5a672a953e8e09880dded0

SHA256
135b255ce2ac34d8d51e773c4b120778f0d96900424deec669ebbb9740806c54

SHA512
03b8c0d8cf1c6b5649aacde228aba86bc375613b817f045f9f28216fed4e7418a0d22677eb7b79ce5ec60a163ea028543db3bd23aa08c7d57d8225b064ba41ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe

Filesize
184KB

MD5
a2ad9936b2138a914570035da97312bb

SHA1
3735b86ef06506d30d47a741428014a28eef93eb

SHA256
82c45ed0d5387f7dd4177861e9775f3dc5f87e658ff948e8c24b8d5b2a6add52

SHA512
c9aee734cf4a5ae6102692853497561e5551422417a6e77f9c559e66c482d543a0628e977049160779366cdd0242f4e4733b1013413f600f49deafa7f0f74fd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe

Filesize
184KB

MD5
5247921571bd9c3e186c2bc1104d87aa

SHA1
9238742d5d196fc6efb1cdc3c2402409012a248f

SHA256
d8518e8ea1b573c7176dbd3044b6a82b4f80199979b53ba081d34f2b7a69fa31

SHA512
c53795de5c030fbb5c639cca5a33a351bbf40b7bd92b27c3c4c46c056caf7568f7091afe8ef6a05a6d186b0f04c2f4a3bb225a7ba012c57c1e15f9e446942666

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe

Filesize
184KB

MD5
d6d6472f12a8328450dcabbcd918fe8e

SHA1
afa5db81b5bb755cc897fd6e814838c27ff64d3b

SHA256
82eb999a9ef5a505848f713e48602904ab9b49f94473493ab854dc9e97b067c1

SHA512
9af843a4ad3d86a5eb4a8a67f370798e9ce8d39a1be25c545b02daf66db7b4f5c97484bfd76d8694931215bbf93cc740b951da1c7a15701fe07d5e2f89718c57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe

Filesize
184KB

MD5
5b2140dc299b0e8381eed84d98a43b87

SHA1
80e9e036bb4486e63f31738666cdd88d479ad14e

SHA256
e9a7bdb9f6f932040fcf940c968f538a9b0ff54078a4651ca861949755b781b9

SHA512
3607a1adc5dae74ff7374595a6b9422cdcf2f82cf5fe94f35483dde3bb49f6e456a607ac81e5655087e96580981cb6fdf8bec66b929b27c8acc8e96ef281f470

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9039.exe

Filesize
184KB

MD5
160c0e91d7e6a1b1c9ab4ab52c64532a

SHA1
163a530cfdf63efe2be70390e08b743890d4f14a

SHA256
3b6dde272f54cf5696fdb38387844847489c9331b81c2215c779f9eda0e2b174

SHA512
e617d194370fa1643e2ab45551d976df35bc5c74947d30a4592a9e2b39ff62cb5d9b1de969c3f6dc6394b38ef92c2d17e1d4f580dbd251cd1d4d62e2ea4a1c34

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads