647d61aae3c3b3c8545d721bbe4101b8d1d6d0f64a843f0cbcb250d2fde08098

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
Size

184KB
MD5

836350094a84cfc3b3d7514f6bebfd60
SHA1

ac2661c9fe190e61562e016aa97635470f27c41c
SHA256

647d61aae3c3b3c8545d721bbe4101b8d1d6d0f64a843f0cbcb250d2fde08098
SHA512

39da879aea794472349391fe15ed3cf932fa17300775a140851052681994551ae24e25470092c7a88f148ea3e84d6e88bd832982fa3021dfee31e5bf433943b5
SSDEEP

3072:kJcjHbo07ZXTdQ1Wez2LJ6/ZhlnViF7n3:kJAoIBQ1gLQ/ZhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1028	Unicorn-26612.exe
1956	Unicorn-53337.exe
2664	Unicorn-2745.exe
2652	Unicorn-22694.exe
3064	Unicorn-26778.exe
2768	Unicorn-6912.exe
2784	Unicorn-1287.exe
2864	Unicorn-51043.exe
2932	Unicorn-48350.exe
1432	Unicorn-52434.exe
1688	Unicorn-1842.exe
1124	Unicorn-53228.exe
1772	Unicorn-50535.exe
1924	Unicorn-8111.exe
1948	Unicorn-27977.exe
2280	Unicorn-5418.exe
688	Unicorn-10270.exe
784	Unicorn-55942.exe
2504	Unicorn-7639.exe
1912	Unicorn-50618.exe
2352	Unicorn-34836.exe
356	Unicorn-32912.exe
976	Unicorn-45164.exe
1044	Unicorn-60109.exe
1660	Unicorn-18522.exe
2112	Unicorn-33466.exe
1160	Unicorn-2740.exe
1976	Unicorn-53332.exe
2296	Unicorn-57416.exe
2236	Unicorn-55854.exe
1296	Unicorn-40072.exe
2744	Unicorn-3337.exe
2820	Unicorn-18282.exe
2680	Unicorn-7421.exe
2116	Unicorn-46316.exe
2212	Unicorn-61261.exe
2536	Unicorn-27842.exe
2708	Unicorn-52346.exe
2860	Unicorn-1754.exe
2624	Unicorn-56430.exe
2924	Unicorn-64598.exe
1528	Unicorn-14006.exe
2336	Unicorn-33872.exe
1640	Unicorn-33872.exe
1828	Unicorn-18090.exe
1696	Unicorn-18090.exe
2300	Unicorn-48537.exe
2304	Unicorn-32755.exe
576	Unicorn-5366.exe
1148	Unicorn-55122.exe
2264	Unicorn-52429.exe
2268	Unicorn-32563.exe
1936	Unicorn-21703.exe
1676	Unicorn-61152.exe
1068	Unicorn-31817.exe
2252	Unicorn-44069.exe
2272	Unicorn-53005.exe
892	Unicorn-57089.exe
1792	Unicorn-10581.exe
1800	Unicorn-34531.exe
2740	Unicorn-18749.exe
2748	Unicorn-7888.exe
2776	Unicorn-42699.exe
2700	Unicorn-11972.exe

Loads dropped DLL 64 IoCs

pid	Process
2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
1028	Unicorn-26612.exe
1028	Unicorn-26612.exe
2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
2664	Unicorn-2745.exe
2664	Unicorn-2745.exe
1956	Unicorn-53337.exe
1956	Unicorn-53337.exe
1028	Unicorn-26612.exe
1028	Unicorn-26612.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2652	Unicorn-22694.exe
2652	Unicorn-22694.exe
2664	Unicorn-2745.exe
2664	Unicorn-2745.exe
2768	Unicorn-6912.exe
2768	Unicorn-6912.exe
3064	Unicorn-26778.exe
3064	Unicorn-26778.exe
1956	Unicorn-53337.exe
1956	Unicorn-53337.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
3044	WerFault.exe
2184	WerFault.exe
3044	WerFault.exe
2652	Unicorn-22694.exe
2652	Unicorn-22694.exe
2864	Unicorn-51043.exe
2864	Unicorn-51043.exe
2932	Unicorn-48350.exe
2932	Unicorn-48350.exe
2768	Unicorn-6912.exe
2768	Unicorn-6912.exe
1432	Unicorn-52434.exe
1432	Unicorn-52434.exe
3064	Unicorn-26778.exe
1688	Unicorn-1842.exe
1688	Unicorn-1842.exe
3064	Unicorn-26778.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
1124	Unicorn-53228.exe
1056	WerFault.exe
1056	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2684	2052	WerFault.exe	27
2088	1028	WerFault.exe	28
2184	2664	WerFault.exe	30
3044	1956	WerFault.exe	29
2384	2652	WerFault.exe	32
3048	2768	WerFault.exe	34
1056	3064	WerFault.exe	33
2992	2864	WerFault.exe	37
2188	2932	WerFault.exe	38
2456	1432	WerFault.exe	39
2176	1688	WerFault.exe	40
2592	1124	WerFault.exe	43
1308	1772	WerFault.exe	44
1248	1924	WerFault.exe	46
2916	1948	WerFault.exe	45
2968	688	WerFault.exe	48
2140	2280	WerFault.exe	47
592	784	WerFault.exe	49
2632	2504	WerFault.exe	53
988	1912	WerFault.exe	54
1012	2352	WerFault.exe	55
2496	356	WerFault.exe	56
112	1044	WerFault.exe	58
1704	976	WerFault.exe	57
1520	2112	WerFault.exe	60
1804	1160	WerFault.exe	62
1200	1660	WerFault.exe	59
2452	1976	WerFault.exe	61
1732	2296	WerFault.exe	63
1060	2236	WerFault.exe	66
1600	2820	WerFault.exe	71
2424	2744	WerFault.exe	70
3008	2680	WerFault.exe	72
1356	1296	WerFault.exe	69
328	2212	WerFault.exe	74
3132	2624	WerFault.exe	78
3348	2536	WerFault.exe	75
3416	1828	WerFault.exe	83
3500	2116	WerFault.exe	73
3808	2336	WerFault.exe	81
3904	1676	WerFault.exe	99
3992	2924	WerFault.exe	79
4048	1640	WerFault.exe	82
4060	1528	WerFault.exe	80
3088	2860	WerFault.exe	77
3148	2708	WerFault.exe	76
3196	2988	WerFault.exe	110
3232	1448	WerFault.exe	114
3216	2748	WerFault.exe	107
3260	2596	WerFault.exe	111
3296	640	WerFault.exe	115
3344	2700	WerFault.exe	109
3380	3020	WerFault.exe	116
3388	1792	WerFault.exe	104
3480	576	WerFault.exe	94
3536	2124	WerFault.exe	112
3520	1996	WerFault.exe	118
3508	1800	WerFault.exe	105
3548	2776	WerFault.exe	108
3616	1576	WerFault.exe	117
3632	2300	WerFault.exe	88
3340	1696	WerFault.exe	84
3700	1340	WerFault.exe	123
3840	1632	WerFault.exe	124

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
1028	Unicorn-26612.exe
1956	Unicorn-53337.exe
2664	Unicorn-2745.exe
2652	Unicorn-22694.exe
2768	Unicorn-6912.exe
3064	Unicorn-26778.exe
2864	Unicorn-51043.exe
2932	Unicorn-48350.exe
1432	Unicorn-52434.exe
1688	Unicorn-1842.exe
1124	Unicorn-53228.exe
1772	Unicorn-50535.exe
1924	Unicorn-8111.exe
1948	Unicorn-27977.exe
2280	Unicorn-5418.exe
688	Unicorn-10270.exe
784	Unicorn-55942.exe
2504	Unicorn-7639.exe
1912	Unicorn-50618.exe
2352	Unicorn-34836.exe
356	Unicorn-32912.exe
976	Unicorn-45164.exe
1044	Unicorn-60109.exe
1660	Unicorn-18522.exe
1160	Unicorn-2740.exe
2112	Unicorn-33466.exe
1976	Unicorn-53332.exe
2296	Unicorn-57416.exe
2236	Unicorn-55854.exe
1296	Unicorn-40072.exe
2744	Unicorn-3337.exe
2820	Unicorn-18282.exe
2680	Unicorn-7421.exe
2116	Unicorn-46316.exe
2212	Unicorn-61261.exe
2536	Unicorn-27842.exe
2708	Unicorn-52346.exe
2860	Unicorn-1754.exe
2624	Unicorn-56430.exe
1528	Unicorn-14006.exe
2924	Unicorn-64598.exe
2336	Unicorn-33872.exe
1640	Unicorn-33872.exe
1828	Unicorn-18090.exe
1696	Unicorn-18090.exe
2300	Unicorn-48537.exe
2304	Unicorn-32755.exe
576	Unicorn-5366.exe
1148	Unicorn-55122.exe
2264	Unicorn-52429.exe
1936	Unicorn-21703.exe
2268	Unicorn-32563.exe
1676	Unicorn-61152.exe
1068	Unicorn-31817.exe
2252	Unicorn-44069.exe
2272	Unicorn-53005.exe
892	Unicorn-57089.exe
1792	Unicorn-10581.exe
1800	Unicorn-34531.exe
2740	Unicorn-18749.exe
2776	Unicorn-42699.exe
2748	Unicorn-7888.exe
2988	Unicorn-46783.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1028	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	28
PID 2052 wrote to memory of 1028	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	28
PID 2052 wrote to memory of 1028	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	28
PID 2052 wrote to memory of 1028	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	28
PID 1028 wrote to memory of 1956	1028	Unicorn-26612.exe	29
PID 1028 wrote to memory of 1956	1028	Unicorn-26612.exe	29
PID 1028 wrote to memory of 1956	1028	Unicorn-26612.exe	29
PID 1028 wrote to memory of 1956	1028	Unicorn-26612.exe	29
PID 2052 wrote to memory of 2664	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	30
PID 2052 wrote to memory of 2664	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	30
PID 2052 wrote to memory of 2664	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	30
PID 2052 wrote to memory of 2664	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	30
PID 2052 wrote to memory of 2684	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	31
PID 2052 wrote to memory of 2684	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	31
PID 2052 wrote to memory of 2684	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	31
PID 2052 wrote to memory of 2684	2052	836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe	31
PID 2664 wrote to memory of 2652	2664	Unicorn-2745.exe	32
PID 2664 wrote to memory of 2652	2664	Unicorn-2745.exe	32
PID 2664 wrote to memory of 2652	2664	Unicorn-2745.exe	32
PID 2664 wrote to memory of 2652	2664	Unicorn-2745.exe	32
PID 1956 wrote to memory of 3064	1956	Unicorn-53337.exe	33
PID 1956 wrote to memory of 3064	1956	Unicorn-53337.exe	33
PID 1956 wrote to memory of 3064	1956	Unicorn-53337.exe	33
PID 1956 wrote to memory of 3064	1956	Unicorn-53337.exe	33
PID 1028 wrote to memory of 2768	1028	Unicorn-26612.exe	34
PID 1028 wrote to memory of 2768	1028	Unicorn-26612.exe	34
PID 1028 wrote to memory of 2768	1028	Unicorn-26612.exe	34
PID 1028 wrote to memory of 2768	1028	Unicorn-26612.exe	34
PID 1028 wrote to memory of 2088	1028	Unicorn-26612.exe	35
PID 1028 wrote to memory of 2088	1028	Unicorn-26612.exe	35
PID 1028 wrote to memory of 2088	1028	Unicorn-26612.exe	35
PID 1028 wrote to memory of 2088	1028	Unicorn-26612.exe	35
PID 2652 wrote to memory of 2784	2652	Unicorn-22694.exe	36
PID 2652 wrote to memory of 2784	2652	Unicorn-22694.exe	36
PID 2652 wrote to memory of 2784	2652	Unicorn-22694.exe	36
PID 2652 wrote to memory of 2784	2652	Unicorn-22694.exe	36
PID 2664 wrote to memory of 2864	2664	Unicorn-2745.exe	37
PID 2664 wrote to memory of 2864	2664	Unicorn-2745.exe	37
PID 2664 wrote to memory of 2864	2664	Unicorn-2745.exe	37
PID 2664 wrote to memory of 2864	2664	Unicorn-2745.exe	37
PID 2768 wrote to memory of 2932	2768	Unicorn-6912.exe	38
PID 2768 wrote to memory of 2932	2768	Unicorn-6912.exe	38
PID 2768 wrote to memory of 2932	2768	Unicorn-6912.exe	38
PID 2768 wrote to memory of 2932	2768	Unicorn-6912.exe	38
PID 3064 wrote to memory of 1432	3064	Unicorn-26778.exe	39
PID 3064 wrote to memory of 1432	3064	Unicorn-26778.exe	39
PID 3064 wrote to memory of 1432	3064	Unicorn-26778.exe	39
PID 3064 wrote to memory of 1432	3064	Unicorn-26778.exe	39
PID 1956 wrote to memory of 1688	1956	Unicorn-53337.exe	40
PID 1956 wrote to memory of 1688	1956	Unicorn-53337.exe	40
PID 1956 wrote to memory of 1688	1956	Unicorn-53337.exe	40
PID 1956 wrote to memory of 1688	1956	Unicorn-53337.exe	40
PID 2664 wrote to memory of 2184	2664	Unicorn-2745.exe	41
PID 2664 wrote to memory of 2184	2664	Unicorn-2745.exe	41
PID 2664 wrote to memory of 2184	2664	Unicorn-2745.exe	41
PID 2664 wrote to memory of 2184	2664	Unicorn-2745.exe	41
PID 1956 wrote to memory of 3044	1956	Unicorn-53337.exe	42
PID 1956 wrote to memory of 3044	1956	Unicorn-53337.exe	42
PID 1956 wrote to memory of 3044	1956	Unicorn-53337.exe	42
PID 1956 wrote to memory of 3044	1956	Unicorn-53337.exe	42
PID 2652 wrote to memory of 1124	2652	Unicorn-22694.exe	43
PID 2652 wrote to memory of 1124	2652	Unicorn-22694.exe	43
PID 2652 wrote to memory of 1124	2652	Unicorn-22694.exe	43
PID 2652 wrote to memory of 1124	2652	Unicorn-22694.exe	43

C:\Users\Admin\AppData\Local\Temp\836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\836350094a84cfc3b3d7514f6bebfd60_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53332.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        9⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55382.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18984.exe
        11⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18102.exe
        12⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53182.exe
        13⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        14⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        15⤵
        
        PID:11424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
        15⤵
        
        PID:11956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        14⤵
        
        PID:10720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
        13⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        12⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
        11⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        10⤵
        Program crash
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43680.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        11⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
        12⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
        13⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
        14⤵
        
        PID:11488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 220
        14⤵
        
        PID:12028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
        13⤵
        
        PID:10320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        12⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        11⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        10⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        9⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4235.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        11⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        12⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        14⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        14⤵
        
        PID:11624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        13⤵
        
        PID:9504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        12⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
        11⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        10⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        9⤵
        Program crash
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        8⤵
        Program crash
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56617.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23748.exe
        11⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30240.exe
        12⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45450.exe
        13⤵
        
        PID:9652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        14⤵
        
        PID:11372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
        14⤵
        
        PID:7772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
        13⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        12⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        11⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        10⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        9⤵
        Program crash
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        10⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        11⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
        12⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        13⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
        13⤵
        
        PID:11340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 236
        12⤵
        
        PID:10952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
        11⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        10⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 220
        8⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        7⤵
        Program crash
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        9⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        10⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
        10⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
        11⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 220
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        11⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 240
        10⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        8⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37515.exe
        9⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19851.exe
        10⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        11⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
        12⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 236
        12⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        10⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        8⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
        7⤵
        Program crash
        
        PID:1804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20141.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        11⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59269.exe
        12⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
        13⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 236
        13⤵
        
        PID:11584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 236
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        10⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        9⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        10⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11625.exe
        12⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        13⤵
        
        PID:11604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 220
        13⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        12⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        8⤵
        Program crash
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
        10⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        11⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
        12⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        13⤵
        
        PID:11896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 236
        13⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
        12⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        11⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
        9⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
        8⤵
        Program crash
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        7⤵
        Program crash
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50758.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        10⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19424.exe
        10⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        11⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        12⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        13⤵
        
        PID:11672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
        13⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        12⤵
        
        PID:11244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 220
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        8⤵
        Program crash
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
        9⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2092.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54664.exe
        11⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        11⤵
        
        PID:11460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 220
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
        8⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
        7⤵
        Program crash
        
        PID:3340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        6⤵
        Program crash
        
        PID:592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46311.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6835.exe
        11⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
        12⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
        13⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58743.exe
        14⤵
        
        PID:11688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
        14⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
        13⤵
        
        PID:10452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        12⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        10⤵
        
        PID:5000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
        9⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23264.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58646.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
        10⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
        11⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        12⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        13⤵
        
        PID:12188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 236
        13⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 220
        12⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        11⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        10⤵
        
        PID:7048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        8⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        10⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
        11⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4176.exe
        12⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 236
        12⤵
        
        PID:11940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 236
        11⤵
        
        PID:9688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        9⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
        8⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 220
        7⤵
        Program crash
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59035.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3327.exe
        10⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58086.exe
        12⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        13⤵
        
        PID:11740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
        13⤵
        
        PID:11276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
        12⤵
        
        PID:10480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
        9⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        8⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13638.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47453.exe
        10⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41968.exe
        11⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        12⤵
        
        PID:11516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 220
        12⤵
        
        PID:12036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        11⤵
        
        PID:9620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        8⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        7⤵
        Program crash
        
        PID:3416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
        6⤵
        Program crash
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16057.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28932.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
        11⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        12⤵
        
        PID:9516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        13⤵
        
        PID:12072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
        13⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
        12⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        11⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 216
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        8⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        7⤵
        Program crash
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39169.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63010.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9445.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        9⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28979.exe
        10⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
        11⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        12⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
        12⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
        11⤵
        
        PID:9716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        9⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        8⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        7⤵
        Program crash
        
        PID:3232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
        6⤵
        Program crash
        
        PID:1520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        5⤵
        Program crash
        
        PID:2176
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52346.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59658.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        12⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44490.exe
        13⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        14⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 220
        14⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        13⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        12⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        11⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        10⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        9⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47961.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42118.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        10⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        11⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53242.exe
        12⤵
        
        PID:10004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26154.exe
        13⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
        13⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
        12⤵
        
        PID:11220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        10⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        8⤵
        Program crash
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34962.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        9⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        10⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        11⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
        12⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
        12⤵
        
        PID:11648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        11⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
        10⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        8⤵
        Program crash
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
        7⤵
        Program crash
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        7⤵
        Executes dropped EXE
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11007.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
        10⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        11⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        12⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59978.exe
        13⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 236
        13⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        12⤵
        
        PID:10264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 236
        11⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        8⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        9⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
        10⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15141.exe
        11⤵
        
        PID:10172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        12⤵
        
        PID:11980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
        12⤵
        
        PID:11352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        11⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
        8⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        6⤵
        Program crash
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30484.exe
        12⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
        13⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
        13⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        12⤵
        
        PID:10252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 220
        10⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7395.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        10⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43639.exe
        11⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61052.exe
        12⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 236
        12⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        11⤵
        
        PID:9416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28946.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21999.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        9⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        11⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
        12⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        11⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        9⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57520.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18107.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
        10⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57401.exe
        11⤵
        
        PID:9944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        12⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
        12⤵
        
        PID:12244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
        11⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        8⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
        7⤵
        Program crash
        
        PID:3388
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        6⤵
        Program crash
        
        PID:112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        5⤵
        Program crash
        
        PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51848.exe
        9⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15195.exe
        10⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 220
        11⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        10⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34059.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        10⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        11⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
        12⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
        12⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
        11⤵
        
        PID:10784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
        10⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 220
        9⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
        7⤵
        Program crash
        
        PID:3500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
        6⤵
        Program crash
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
        8⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28548.exe
        10⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        11⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
        12⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 236
        12⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
        11⤵
        
        PID:10144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
        10⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        9⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        7⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        8⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
        9⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
        10⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        11⤵
        
        PID:11252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 236
        11⤵
        
        PID:11496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 236
        10⤵
        
        PID:9852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        9⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        8⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        7⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        6⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17443.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        9⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37007.exe
        10⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        11⤵
        
        PID:11388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
        11⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        10⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        7⤵
        
        PID:4124
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
        6⤵
        Program crash
        
        PID:328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        5⤵
        Program crash
        
        PID:1248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
      4⤵
      Executes dropped EXE
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48620.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61988.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
        11⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        12⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44957.exe
        13⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        14⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
        14⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 220
        13⤵
        
        PID:10628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        12⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        10⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        9⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
        9⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
        11⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        12⤵
        
        PID:10392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 240
        13⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
        12⤵
        
        PID:10284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        11⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
        10⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        8⤵
        Program crash
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        11⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
        11⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        12⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 236
        12⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 220
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
        9⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        8⤵
        Program crash
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        7⤵
        Program crash
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22274.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        10⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        11⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44633.exe
        12⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 236
        12⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 236
        11⤵
        
        PID:9792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        10⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 236
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        8⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
        10⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
        11⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 236
        11⤵
        
        PID:12056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        10⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 236
        9⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        8⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        7⤵
        
        PID:4268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
        6⤵
        Program crash
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        7⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48439.exe
        10⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        11⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58084.exe
        12⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 236
        11⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 492 -s 236
        8⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42205.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        9⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51013.exe
        10⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45640.exe
        11⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        11⤵
        
        PID:11556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        10⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34469.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
        10⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        11⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        11⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        10⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        9⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        7⤵
        
        PID:4528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        6⤵
        Program crash
        
        PID:1356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
        5⤵
        Program crash
        
        PID:2592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3337.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1365.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15283.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12071.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        11⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32905.exe
        12⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        13⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 236
        13⤵
        
        PID:11524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 236
        12⤵
        
        PID:10364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        10⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        9⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
        8⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        9⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 200
        11⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
        10⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        9⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
        8⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
        7⤵
        Program crash
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9533.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        11⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        12⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 236
        12⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
        11⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        7⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62019.exe
        8⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        9⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        10⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26263.exe
        11⤵
        
        PID:11864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 220
        11⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 220
        10⤵
        
        PID:10604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 220
        9⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        8⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
        7⤵
        
        PID:4812
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
        6⤵
        Program crash
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29954.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52943.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64728.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        11⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
        12⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        11⤵
        
        PID:10212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        10⤵
        
        PID:2320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4074.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42362.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        10⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        11⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 236
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        10⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        9⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        8⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        7⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        7⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27972.exe
        9⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        10⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
        11⤵
        
        PID:11200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 236
        11⤵
        
        PID:12116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        10⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        9⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        8⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        7⤵
        
        PID:4428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
        6⤵
        Program crash
        
        PID:1600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
        5⤵
        Program crash
        
        PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13010.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        10⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        11⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21116.exe
        11⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9267.exe
        12⤵
        
        PID:11304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 220
        12⤵
        
        PID:11856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 220
        11⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        9⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        10⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49724.exe
        11⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
        11⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        10⤵
        
        PID:9960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        9⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        8⤵
        
        PID:6040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
        7⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        6⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64017.exe
        7⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20728.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        10⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37088.exe
        11⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
        11⤵
        
        PID:11400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        9⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
        8⤵
        
        PID:5960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        7⤵
        
        PID:4980
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
        6⤵
        Program crash
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        6⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        7⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21413.exe
        9⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19903.exe
        10⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        11⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
        11⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
        10⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        9⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        8⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
        7⤵
        
        PID:4176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
        6⤵
        Program crash
        
        PID:3904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        5⤵
        Program crash
        
        PID:1012
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
      4⤵
      Program crash
      PID:2992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37100.exe

Filesize
184KB

MD5
ea778080b901de8cddadbeb819a1bb08

SHA1
748d1bf54e914d0a7850d040a81471878fde7cd1

SHA256
62458e1404bf2618d96016e0fab4c1de8d5b6ca60e8e2ac7537f71a4325773d9

SHA512
655268304d9e7d776ee610324a8982afd8fbd66c955a241a8d3fde5745504a25aa9a2a427ea61d599a713fc5eb2bef960745a6efc69f0e7e2294d07f33a16fc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39984.exe

Filesize
184KB

MD5
b80b789f0eb23f007efc875c377234ce

SHA1
20d0ecbc178b9693674eb3920441f7e01900be3d

SHA256
6dd6594eaf419d54648880f6e0a497817fa4f81d03e65aba998ac0beb2def0d9

SHA512
8310ede2c588ab9b968b35779d70388a2a474a2f8066e63cdd55a16dcb9ed69ee10ebb8e41e86edd89d2f37bef98b41186670c9dbe78fdac0984b39164388a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40072.exe

Filesize
184KB

MD5
c51325adde0e694ae4c22f32da991d5c

SHA1
5eddbda19e77a79c373b82882e29e163698d541e

SHA256
e16147a1491958a9b4ebc65d1925acee173410a886132cc143de0fbd183a7654

SHA512
b844b93c4f7c3c55e673b5ad35014c5a41a2cadaaf0bc42f8237e809a5d9f79b77333b6e7e0fe7bd6f01297a9ce8c7cc4e12c230d04f83a199487c896e8bb9ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe

Filesize
184KB

MD5
0a019544526d07490ff9f48158873b28

SHA1
95cef16f03395c21aca56b622ecd3cc60cad680a

SHA256
68ce799ab80b650b86062b51c23575002a6dfe0a7af9396ee871120e416eab15

SHA512
248b6296bfa9527c0641033fc516fafd24cc3aa2acef3885111c1ac1a6bdb0df0ab3d61c25f186a514eb4f4c33a32e0f839bfe2428a27738babb62ded1bef835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe

Filesize
184KB

MD5
0ac15c450244c269d4e365aaeec91d64

SHA1
192ef4e1fdb0093a81ebcaf07b326a6a3ebfffb9

SHA256
aab916bb5bcece86434dceafb1238eb1a497466db5d3754454af0eeabb557ec9

SHA512
fffca24bbfc1225e3205b74de7ad48a8403654f42e5b57a10d28b0a670812bbbe10c8b4a0285905a69c8790daf8525de768971d67eec50745b1c165f6a3548b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe

Filesize
184KB

MD5
46c417e6fa63cf311bba46563aea8201

SHA1
d66c9c095d682baf487e5a6abee660c1c70b7111

SHA256
d2db9dbc5945abd526189b96c4eaf2c49d0bbe943844223421a71d3693aca92b

SHA512
81900770240f7e6f5421c7f635fd41face3a2d189cdc69d008ba4dd2eb1afa473977a8a03af6882fd70f711f8eec7e2ecde7c6fbbf7424fcbcd3a0ab5a4e4c4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe

Filesize
184KB

MD5
72c6f265d2198935f4b0897e08b2b479

SHA1
1e6520bac55efc6db2f8380ef4290c99d5c9ae35

SHA256
ac60cb1155c30ec3feb4d034717a788f015db50e8907883c22027fedd33edfe6

SHA512
b3608cf0385f058d61eb2ab8c1b6c051eee4c2e5e5a3a8cbe9fd7a571cd6b7816c136f0f505e7a4346cb323203d84ad7d2baf1a98fbf28c1fd888c1481de7056

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe

Filesize
184KB

MD5
113d09b1226c53364f3b37987c2f89f8

SHA1
6fc0e1650929cc9dfa1895c9c2725f267e792ed2

SHA256
f3d5d38b248470319597e27d1e09f8d98269dec8aecd708fe43b16b1b2b57fc0

SHA512
1b93f19059821f979ff18fe53defa8cc7a59e783637fd5f215818fa8c824d6c8ed746c8175c832a95931160e597fd513551816e45fceae5a6158c62c488f9dd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe

Filesize
184KB

MD5
593380a7029600119814c9fb7c1699d4

SHA1
2e2da0c98e51a201b2afa6143b392fb2241a2eda

SHA256
d33d1c4c74c58842addf32d95dc1939a910595d9642235c8c3f02e4440d01f0a

SHA512
11de2be74b868ae1f6f4cb66003a180f39fb25c3300551190437ae04b582419d295c819457b8bb45f14cc72edb6146c2f3a7af7020c6cc0bda35d4417ce4e3a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe

Filesize
184KB

MD5
dd59c1bf2b6fe360e5ae00110a1738bc

SHA1
3a7cba1a43034d3dbacc71716ed5b0dfc310e5e0

SHA256
ff355de100643df51bbea56ff985d3cdd8d052e0c9806519665bd8263d6cfb50

SHA512
f1a211e04080ef0cc146f0b324143cfc18e9b8cdde16ae93c10cb9ed82a3f1dd1eb6401708575c6db997e8a2b134b19acb2265c18d00085819374634eef02990

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26778.exe

Filesize
184KB

MD5
64757f02ec01321ccee2fdd28ffd8cab

SHA1
b2c95e8df0eaa7d59956ee83e44fe73b01f0fe9b

SHA256
334d0c5af0633ff6e2e8e4704c66114575a82e5c3266660b4286bfea5b786726

SHA512
d8ef8621bdf4f200a3de262c2ebb8a7a5eac9d6ad0f8916071eb7beb422dcbf76db59f8528939773601c4f7be7bfc4473318fdf3ecf6a9f3c686b4a7d5bf1b27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2745.exe

Filesize
184KB

MD5
0e757aaa6a36a6ba055d846608f01d75

SHA1
f2ddf3d8b841f3cb74883ae1822a54ca81b64e72

SHA256
b400bcee6444d8fcee04944dd85458bd7de20aac1fc2adde5739dc8a56826c0d

SHA512
cdf75e10deb64adaa166af13c8c77c7b8f5f0edb22904d62de41aa8d72c47a169ad87ce40f193f79c4cd19f6dde778512cbd4973344be862d24d2a18b4e47ffe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe

Filesize
184KB

MD5
5da9163e68b1d207dad76f0792bce361

SHA1
b6938d9ada91960773b4f92fd9983e3715a20dc0

SHA256
63b185a8ecb8f25973bdddbf2d950d458cd0a969e076dde92acbfba7e4bb276d

SHA512
785bdc422021b0c8e60925567901d5af22e7e16a565711dc8f58daaee28de19602807c4ccceead68244a5de184bdcbecc5b44cedc0d5ffcb627d9e4f4c31b47d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48350.exe

Filesize
184KB

MD5
1110611fb9ff86a6cbdaeb123d05bf92

SHA1
75b215b2aa5c41c50ef50ad273a4cdc73307158c

SHA256
17b6a49a7308827d0ff43c62c52099c49b65d826444bb28243a681d42d6414ab

SHA512
adda29007a951bcbf1ea86243cea5cc91eb05fe1e0c6ebf82460a4415832b5053f9a0c462854b6180b12a3b28abdadd8eb81613e1bc4c55783a5310115c3575d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50535.exe

Filesize
184KB

MD5
fd75748a87058c89ac018c57ed904a10

SHA1
8a8b0ff719327fd153bd95fbccb4b1722f187faa

SHA256
1cde1babea4c37b8ff24f26c14b6c13bd4ef98b03613810d5f8491480f3b1970

SHA512
1e90179f3ad9a0c6795879c79b8f949408b0c4835e7fcd7eec61f48888c2af82712113367ae2a19346018e8f895414c92c8e897c1bc7057c4ce4dbf6271e949a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe

Filesize
184KB

MD5
d6e137b7cd5a3e1becd8ee6d0980b089

SHA1
1eeb13662087a5f2b905c9b29ba0fba6eeffdddb

SHA256
82fa64abb0c1af593d701c09010cb7c990108214f2124c6aebf28e22adb650d2

SHA512
df3b878165f8984bfea31ea38a307573a139dfe19004a6dd6153b9970f458fcc77804703f3c3a176b8b3f3769cf8ff965ca1b0159ee98cc7346731fc33bb9c0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe

Filesize
184KB

MD5
e8858a7b5add6500fd400e5e4346674c

SHA1
60dc3001566bf9b523a484d04dfbd5cce6d26f99

SHA256
bc50cd46193b6a5a09cf003bc089e41def7ece8d39f9deb77f3a46024e037f6f

SHA512
b548d3af7315c1376094edba1d6c23ada3e1c69514c12845686e4a77dbc0bb9e301a87a28f37cbf19a463779eee581ca8de107c1c30d2801220f95a73fd6cdc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe

Filesize
184KB

MD5
1b6c4a96ff7d71fc38944e7e047db945

SHA1
b6209460081cbbe84dbdbe1486f86a1a5e03dc1c

SHA256
54330c081104158697e845514382390a3ce2e5b3658b48ff700b0a45462aed51

SHA512
4d70881e3fe1e325c38435c5d71a59a5c0b11fe32e2a54ee90a8400c418f832b4d58f84b83e585dc8165cc5302f1ce6471ac3093ff641e553406d7a90ec9f2da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe

Filesize
184KB

MD5
8bd7e142d05e7f7d5e2df7cd67fea2ce

SHA1
c1d4b7e5f83d908dc10942f3863ff839b00fc97c

SHA256
0ea123cdf029ce8714abff525bab00f47f9cb3d09325a6622421ee2dfb9a64d8

SHA512
5802ee8f787bda2db09a6f18765bb509004bc59c5222c2b61b7eda8e33741b57620090f7933767ed080fca3da3e57dd798cca515d80c22ea111676827d517b09

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads