685408d15f41c2030fb22d42f88d38a48d5ed60580c33e156773a8c2f1c9accb

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
Size

184KB
MD5

b65b57738debb207c9241a379e93caa0
SHA1

0c9a54d39d718e462185bd366f72af504ecea15d
SHA256

685408d15f41c2030fb22d42f88d38a48d5ed60580c33e156773a8c2f1c9accb
SHA512

e09720c8f925038d1aa69c496316dcd08ec9a7e1cad6b42ac1fcd21a4df83ab351ef7ad519a8f84b97d7c1f22e2327edf815695a4a89a4701da738ef05863f1e
SSDEEP

3072:FR5QCNoldlOzdpjYej7LpxNEIH4YIZg+uHwu55ClOGvhlnJOFznT:FRFosppjrLPNEIwQIPhlnJOFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2588	Unicorn-49884.exe
2600	Unicorn-18255.exe
2940	Unicorn-63926.exe
2696	Unicorn-48234.exe
2888	Unicorn-6879.exe
2444	Unicorn-56402.exe
1692	Unicorn-60652.exe
2432	Unicorn-53039.exe
768	Unicorn-48400.exe
1956	Unicorn-24450.exe
1272	Unicorn-44316.exe
1532	Unicorn-33299.exe
2256	Unicorn-9349.exe
2784	Unicorn-24939.exe
2688	Unicorn-49443.exe
324	Unicorn-45359.exe
1500	Unicorn-37745.exe
480	Unicorn-25493.exe
2224	Unicorn-57611.exe
2728	Unicorn-63086.exe
1544	Unicorn-18716.exe
780	Unicorn-50834.exe
2624	Unicorn-46750.exe
1820	Unicorn-6272.exe
568	Unicorn-30222.exe
2816	Unicorn-55473.exe
2968	Unicorn-42474.exe
2352	Unicorn-38390.exe
2272	Unicorn-30776.exe
1580	Unicorn-50642.exe
2596	Unicorn-15867.exe
2768	Unicorn-35733.exe
2964	Unicorn-14243.exe
2612	Unicorn-55084.exe
2496	Unicorn-31134.exe
2144	Unicorn-22220.exe
1456	Unicorn-47793.exe
1552	Unicorn-47793.exe
2820	Unicorn-30388.exe
1460	Unicorn-10522.exe
2628	Unicorn-10522.exe
1980	Unicorn-15675.exe
352	Unicorn-18136.exe
1740	Unicorn-59723.exe
1924	Unicorn-64596.exe
2540	Unicorn-24310.exe
2364	Unicorn-40092.exe
2264	Unicorn-32478.exe
2252	Unicorn-52344.exe
816	Unicorn-3094.exe
2412	Unicorn-32429.exe
2220	Unicorn-52295.exe
1032	Unicorn-15901.exe
2348	Unicorn-32835.exe
1512	Unicorn-21137.exe
1604	Unicorn-16499.exe
1612	Unicorn-4801.exe
2636	Unicorn-24667.exe
2584	Unicorn-65507.exe
2700	Unicorn-8138.exe
2104	Unicorn-53810.exe
2480	Unicorn-8138.exe
2520	Unicorn-4054.exe
2860	Unicorn-49171.exe

Loads dropped DLL 64 IoCs

pid	Process
1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
2588	Unicorn-49884.exe
2588	Unicorn-49884.exe
1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
2600	Unicorn-18255.exe
2600	Unicorn-18255.exe
2588	Unicorn-49884.exe
2588	Unicorn-49884.exe
2940	Unicorn-63926.exe
2940	Unicorn-63926.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
3012	WerFault.exe
2696	Unicorn-48234.exe
2696	Unicorn-48234.exe
2600	Unicorn-18255.exe
2600	Unicorn-18255.exe
2444	Unicorn-56402.exe
2444	Unicorn-56402.exe
2940	Unicorn-63926.exe
2940	Unicorn-63926.exe
2888	Unicorn-6879.exe
2888	Unicorn-6879.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
1968	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
1968	WerFault.exe
1692	Unicorn-60652.exe
1692	Unicorn-60652.exe
2696	Unicorn-48234.exe
2696	Unicorn-48234.exe
2432	Unicorn-53039.exe
2432	Unicorn-53039.exe
768	Unicorn-48400.exe
768	Unicorn-48400.exe
1956	Unicorn-24450.exe
1956	Unicorn-24450.exe
2444	Unicorn-56402.exe
2444	Unicorn-56402.exe
2888	Unicorn-6879.exe
2888	Unicorn-6879.exe
1272	Unicorn-44316.exe
1272	Unicorn-44316.exe
312	WerFault.exe
312	WerFault.exe
312	WerFault.exe
312	WerFault.exe
312	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
848	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2712	1772	WerFault.exe	27
3012	2588	WerFault.exe	28
1968	2600	WerFault.exe	29
2332	2940	WerFault.exe	30
312	2696	WerFault.exe	32
2044	2888	WerFault.exe	33
848	2444	WerFault.exe	34
2592	1692	WerFault.exe	36
1196	2432	WerFault.exe	37
2548	768	WerFault.exe	38
2732	1956	WerFault.exe	39
2544	1272	WerFault.exe	40
2072	1532	WerFault.exe	43
336	2256	WerFault.exe	44
1328	2784	WerFault.exe	45
692	2688	WerFault.exe	46
916	1500	WerFault.exe	49
1048	2224	WerFault.exe	50
1036	324	WerFault.exe	47
3044	480	WerFault.exe	48
2008	2728	WerFault.exe	54
884	1544	WerFault.exe	55
2108	780	WerFault.exe	56
2908	2624	WerFault.exe	57
2684	2816	WerFault.exe	60
2740	568	WerFault.exe	59
2944	1820	WerFault.exe	58
1288	2968	WerFault.exe	61
1684	2352	WerFault.exe	62
2056	2272	WerFault.exe	63
1268	1580	WerFault.exe	64
1004	2768	WerFault.exe	68
1792	2596	WerFault.exe	67
3212	2964	WerFault.exe	70
3340	2252	WerFault.exe	88
3444	1980	WerFault.exe	81
3472	2612	WerFault.exe	73
3464	2496	WerFault.exe	74
3504	2364	WerFault.exe	86
3496	2820	WerFault.exe	78
3512	2628	WerFault.exe	80
3532	2144	WerFault.exe	75
3584	1460	WerFault.exe	79
3620	1740	WerFault.exe	83
3636	352	WerFault.exe	82
3628	2540	WerFault.exe	85
3648	1924	WerFault.exe	84
3664	1552	WerFault.exe	77
3684	2264	WerFault.exe	87
3568	816	WerFault.exe	93
3100	3364	WerFault.exe	239
3408	1604	WerFault.exe	103
3564	1948	WerFault.exe	123
3872	1300	WerFault.exe	115
4108	1612	WerFault.exe	104
4172	2584	WerFault.exe	106
4188	2184	WerFault.exe	120
4252	1240	WerFault.exe	128
4264	1720	WerFault.exe	127
4288	2700	WerFault.exe	108
4316	1512	WerFault.exe	102
4336	2220	WerFault.exe	95
4352	2348	WerFault.exe	101
4360	2748	WerFault.exe	133

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
2588	Unicorn-49884.exe
2600	Unicorn-18255.exe
2940	Unicorn-63926.exe
2696	Unicorn-48234.exe
2888	Unicorn-6879.exe
2444	Unicorn-56402.exe
1692	Unicorn-60652.exe
2432	Unicorn-53039.exe
768	Unicorn-48400.exe
1272	Unicorn-44316.exe
1956	Unicorn-24450.exe
1532	Unicorn-33299.exe
2256	Unicorn-9349.exe
2784	Unicorn-24939.exe
2688	Unicorn-49443.exe
324	Unicorn-45359.exe
480	Unicorn-25493.exe
2224	Unicorn-57611.exe
1500	Unicorn-37745.exe
2728	Unicorn-63086.exe
1544	Unicorn-18716.exe
780	Unicorn-50834.exe
2624	Unicorn-46750.exe
1820	Unicorn-6272.exe
568	Unicorn-30222.exe
2816	Unicorn-55473.exe
2968	Unicorn-42474.exe
2352	Unicorn-38390.exe
2272	Unicorn-30776.exe
1580	Unicorn-50642.exe
2596	Unicorn-15867.exe
2768	Unicorn-35733.exe
2964	Unicorn-14243.exe
2612	Unicorn-55084.exe
2496	Unicorn-31134.exe
2144	Unicorn-22220.exe
1552	Unicorn-47793.exe
2820	Unicorn-30388.exe
1460	Unicorn-10522.exe
2628	Unicorn-10522.exe
1980	Unicorn-15675.exe
1740	Unicorn-59723.exe
352	Unicorn-18136.exe
1924	Unicorn-64596.exe
2540	Unicorn-24310.exe
2364	Unicorn-40092.exe
2264	Unicorn-32478.exe
2252	Unicorn-52344.exe
816	Unicorn-3094.exe
2412	Unicorn-32429.exe
2220	Unicorn-52295.exe
1032	Unicorn-15901.exe
2348	Unicorn-32835.exe
1512	Unicorn-21137.exe
1604	Unicorn-16499.exe
1612	Unicorn-4801.exe
2636	Unicorn-24667.exe
2584	Unicorn-65507.exe
2700	Unicorn-8138.exe
2480	Unicorn-8138.exe
2860	Unicorn-49171.exe
2520	Unicorn-4054.exe
2104	Unicorn-53810.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 2588	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	28
PID 1772 wrote to memory of 2588	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	28
PID 1772 wrote to memory of 2588	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	28
PID 1772 wrote to memory of 2588	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	28
PID 2588 wrote to memory of 2600	2588	Unicorn-49884.exe	29
PID 2588 wrote to memory of 2600	2588	Unicorn-49884.exe	29
PID 2588 wrote to memory of 2600	2588	Unicorn-49884.exe	29
PID 2588 wrote to memory of 2600	2588	Unicorn-49884.exe	29
PID 1772 wrote to memory of 2940	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	30
PID 1772 wrote to memory of 2940	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	30
PID 1772 wrote to memory of 2940	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	30
PID 1772 wrote to memory of 2940	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	30
PID 1772 wrote to memory of 2712	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	31
PID 1772 wrote to memory of 2712	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	31
PID 1772 wrote to memory of 2712	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	31
PID 1772 wrote to memory of 2712	1772	b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe	31
PID 2600 wrote to memory of 2696	2600	Unicorn-18255.exe	32
PID 2600 wrote to memory of 2696	2600	Unicorn-18255.exe	32
PID 2600 wrote to memory of 2696	2600	Unicorn-18255.exe	32
PID 2600 wrote to memory of 2696	2600	Unicorn-18255.exe	32
PID 2588 wrote to memory of 2888	2588	Unicorn-49884.exe	33
PID 2588 wrote to memory of 2888	2588	Unicorn-49884.exe	33
PID 2588 wrote to memory of 2888	2588	Unicorn-49884.exe	33
PID 2588 wrote to memory of 2888	2588	Unicorn-49884.exe	33
PID 2940 wrote to memory of 2444	2940	Unicorn-63926.exe	34
PID 2940 wrote to memory of 2444	2940	Unicorn-63926.exe	34
PID 2940 wrote to memory of 2444	2940	Unicorn-63926.exe	34
PID 2940 wrote to memory of 2444	2940	Unicorn-63926.exe	34
PID 2588 wrote to memory of 3012	2588	Unicorn-49884.exe	35
PID 2588 wrote to memory of 3012	2588	Unicorn-49884.exe	35
PID 2588 wrote to memory of 3012	2588	Unicorn-49884.exe	35
PID 2588 wrote to memory of 3012	2588	Unicorn-49884.exe	35
PID 2696 wrote to memory of 1692	2696	Unicorn-48234.exe	36
PID 2696 wrote to memory of 1692	2696	Unicorn-48234.exe	36
PID 2696 wrote to memory of 1692	2696	Unicorn-48234.exe	36
PID 2696 wrote to memory of 1692	2696	Unicorn-48234.exe	36
PID 2600 wrote to memory of 2432	2600	Unicorn-18255.exe	37
PID 2600 wrote to memory of 2432	2600	Unicorn-18255.exe	37
PID 2600 wrote to memory of 2432	2600	Unicorn-18255.exe	37
PID 2600 wrote to memory of 2432	2600	Unicorn-18255.exe	37
PID 2444 wrote to memory of 768	2444	Unicorn-56402.exe	38
PID 2444 wrote to memory of 768	2444	Unicorn-56402.exe	38
PID 2444 wrote to memory of 768	2444	Unicorn-56402.exe	38
PID 2444 wrote to memory of 768	2444	Unicorn-56402.exe	38
PID 2940 wrote to memory of 1956	2940	Unicorn-63926.exe	39
PID 2940 wrote to memory of 1956	2940	Unicorn-63926.exe	39
PID 2940 wrote to memory of 1956	2940	Unicorn-63926.exe	39
PID 2940 wrote to memory of 1956	2940	Unicorn-63926.exe	39
PID 2888 wrote to memory of 1272	2888	Unicorn-6879.exe	40
PID 2888 wrote to memory of 1272	2888	Unicorn-6879.exe	40
PID 2888 wrote to memory of 1272	2888	Unicorn-6879.exe	40
PID 2888 wrote to memory of 1272	2888	Unicorn-6879.exe	40
PID 2600 wrote to memory of 1968	2600	Unicorn-18255.exe	41
PID 2600 wrote to memory of 1968	2600	Unicorn-18255.exe	41
PID 2600 wrote to memory of 1968	2600	Unicorn-18255.exe	41
PID 2600 wrote to memory of 1968	2600	Unicorn-18255.exe	41
PID 2940 wrote to memory of 2332	2940	Unicorn-63926.exe	42
PID 2940 wrote to memory of 2332	2940	Unicorn-63926.exe	42
PID 2940 wrote to memory of 2332	2940	Unicorn-63926.exe	42
PID 2940 wrote to memory of 2332	2940	Unicorn-63926.exe	42
PID 1692 wrote to memory of 1532	1692	Unicorn-60652.exe	43
PID 1692 wrote to memory of 1532	1692	Unicorn-60652.exe	43
PID 1692 wrote to memory of 1532	1692	Unicorn-60652.exe	43
PID 1692 wrote to memory of 1532	1692	Unicorn-60652.exe	43

C:\Users\Admin\AppData\Local\Temp\b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\b65b57738debb207c9241a379e93caa0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41278.exe
        10⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50681.exe
        11⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        12⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        13⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        14⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        15⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29716.exe
        16⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
        15⤵
        
        PID:12496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        14⤵
        
        PID:9348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        13⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        12⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        13⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        14⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        14⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        13⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 240
        12⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
        11⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        12⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58891.exe
        13⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
        14⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
        15⤵
        
        PID:9648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
        14⤵
        
        PID:12608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
        13⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        12⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        11⤵
        Program crash
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        11⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22746.exe
        12⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49862.exe
        13⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        14⤵
        
        PID:12344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
        14⤵
        
        PID:13772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        13⤵
        
        PID:10260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        12⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        11⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        12⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30348.exe
        13⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        14⤵
        
        PID:9528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
        13⤵
        
        PID:13132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 220
        12⤵
        
        PID:10068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 240
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        10⤵
        Program crash
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        11⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        12⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
        13⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34398.exe
        14⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        15⤵
        
        PID:13576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
        14⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
        13⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        12⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
        11⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 200
        12⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 240
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36373.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        11⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
        12⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        13⤵
        
        PID:11748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47920.exe
        14⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        13⤵
        
        PID:12728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        12⤵
        
        PID:9324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        11⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        10⤵
        Program crash
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        9⤵
        Program crash
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        10⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        11⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        12⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49473.exe
        13⤵
        
        PID:10800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        13⤵
        
        PID:11344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        12⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        11⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        10⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        10⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16401.exe
        11⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
        12⤵
        
        PID:11960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 220
        12⤵
        
        PID:13056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 220
        11⤵
        
        PID:10192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        8⤵
        Program crash
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4329.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2632.exe
        10⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        11⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        12⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49966.exe
        13⤵
        
        PID:10476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
        14⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 236
        13⤵
        
        PID:11588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        11⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        10⤵
        Program crash
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60556.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        11⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        12⤵
        
        PID:11692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
        12⤵
        
        PID:12692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 220
        11⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        9⤵
        Program crash
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58169.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        11⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        12⤵
        
        PID:11912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 220
        12⤵
        
        PID:13028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 220
        11⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        9⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        8⤵
        Program crash
        
        PID:1792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        7⤵
        Program crash
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        10⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40426.exe
        11⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        12⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        13⤵
        
        PID:13072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
        13⤵
        
        PID:13988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
        12⤵
        
        PID:10440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
        11⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        10⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
        11⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        12⤵
        
        PID:11144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
        12⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
        9⤵
        Program crash
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11864.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38471.exe
        11⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        12⤵
        
        PID:11656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 220
        12⤵
        
        PID:12524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        11⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
        9⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        8⤵
        Program crash
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46488.exe
        9⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38253.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        11⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        12⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
        13⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
        12⤵
        
        PID:12744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 220
        11⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        9⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        10⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        11⤵
        
        PID:11268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 236
        11⤵
        
        PID:11636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        10⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        8⤵
        Program crash
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        6⤵
        Program crash
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50834.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25985.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
        11⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        12⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
        13⤵
        
        PID:11440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        13⤵
        
        PID:12332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 220
        12⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
        11⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        10⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        11⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
        12⤵
        
        PID:11824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        12⤵
        
        PID:12780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        11⤵
        
        PID:9364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
        10⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        10⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        11⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54769.exe
        12⤵
        
        PID:11320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        12⤵
        
        PID:11996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        9⤵
        Program crash
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        8⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-754.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30073.exe
        12⤵
        
        PID:11412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
        12⤵
        
        PID:12296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        10⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25631.exe
        9⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        10⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        11⤵
        
        PID:12208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 220
        11⤵
        
        PID:13236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
        10⤵
        
        PID:10152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
        9⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
        8⤵
        Program crash
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64900.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7848.exe
        11⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        12⤵
        
        PID:12252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
        12⤵
        
        PID:13260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        11⤵
        
        PID:9988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        10⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        11⤵
        
        PID:11908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
        11⤵
        
        PID:13636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220
        10⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        7⤵
        Program crash
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        8⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        9⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
        10⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        11⤵
        
        PID:12048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
        11⤵
        
        PID:12968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        8⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        7⤵
        Program crash
        
        PID:3464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        6⤵
        Program crash
        
        PID:336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
        11⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42981.exe
        12⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45896.exe
        13⤵
        
        PID:13632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
        13⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
        12⤵
        
        PID:11708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        11⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        11⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        12⤵
        
        PID:12616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 220
        12⤵
        
        PID:13888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        11⤵
        
        PID:10456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11558.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        11⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        12⤵
        
        PID:12204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
        12⤵
        
        PID:12708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
        11⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        10⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        8⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        8⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        9⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
        10⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
        11⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
        11⤵
        
        PID:12540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 220
        10⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
        8⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        Program crash
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31630.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58673.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19333.exe
        10⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        11⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        12⤵
        
        PID:8620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
        11⤵
        
        PID:12752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        10⤵
        
        PID:9748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
        8⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
        10⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30732.exe
        11⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        12⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 220
        11⤵
        
        PID:12888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
        10⤵
        
        PID:10000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        9⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21547.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        9⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
        10⤵
        
        PID:11596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
        11⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        10⤵
        
        PID:12448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        9⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
        8⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
        7⤵
        Program crash
        
        PID:3584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        6⤵
        Program crash
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
        11⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        12⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
        12⤵
        
        PID:13744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
        11⤵
        
        PID:10308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61179.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4272.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        10⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        11⤵
        
        PID:12004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 220
        11⤵
        
        PID:13092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:10056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        9⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        8⤵
        Program crash
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29545.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63084.exe
        10⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
        11⤵
        
        PID:11212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        12⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
        11⤵
        
        PID:11804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        9⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        8⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16816.exe
        9⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
        10⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33058.exe
        11⤵
        
        PID:9740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        10⤵
        
        PID:11768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
        9⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        8⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
        7⤵
        Program crash
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        6⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
        8⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43166.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        10⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        11⤵
        
        PID:12792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
        11⤵
        
        PID:13944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        9⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
        7⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62949.exe
        8⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        9⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
        10⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
        10⤵
        
        PID:12484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        9⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        8⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        7⤵
        
        PID:4444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        6⤵
        Program crash
        
        PID:2944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        5⤵
        Program crash
        
        PID:1196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58277.exe
        11⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        12⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
        11⤵
        
        PID:12456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        10⤵
        
        PID:9780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52015.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        10⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10088.exe
        11⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
        11⤵
        
        PID:13728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        10⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        7⤵
        Program crash
        
        PID:3444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
        6⤵
        Program crash
        
        PID:1048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        5⤵
        Program crash
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        10⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53266.exe
        11⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        12⤵
        
        PID:12104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 220
        12⤵
        
        PID:13212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
        11⤵
        
        PID:9712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        9⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        9⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56048.exe
        10⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
        11⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 236
        10⤵
        
        PID:11544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        10⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
        11⤵
        
        PID:11612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
        11⤵
        
        PID:13428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        10⤵
        
        PID:9596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
        8⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        7⤵
        Program crash
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20945.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        7⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        9⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52109.exe
        10⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
        11⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
        11⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
        10⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        9⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
        8⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
        9⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
        10⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        11⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        10⤵
        
        PID:11836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
        9⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        8⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
        7⤵
        
        PID:5848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        6⤵
        Program crash
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        6⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
        9⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        10⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        11⤵
        
        PID:12660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 220
        11⤵
        
        PID:13900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        10⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
        9⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
        8⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
        8⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
        9⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        10⤵
        
        PID:11356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        10⤵
        
        PID:11812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
        9⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        8⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54936.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        7⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64267.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        9⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        10⤵
        
        PID:13536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
        10⤵
        
        PID:14104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        9⤵
        
        PID:10568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        8⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 216
        7⤵
        
        PID:5488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 220
        6⤵
        Program crash
        
        PID:3620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        5⤵
        Program crash
        
        PID:916
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:2044
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
        10⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17148.exe
        11⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41372.exe
        12⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
        13⤵
        
        PID:11348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 204
        13⤵
        
        PID:12668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 220
        12⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 236
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4656.exe
        10⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        11⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        12⤵
        
        PID:10532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
        12⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        10⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
        9⤵
        Program crash
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        10⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        12⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
        11⤵
        
        PID:11732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
        10⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
        9⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        8⤵
        Program crash
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
        9⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
        11⤵
        
        PID:9576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
        12⤵
        
        PID:13444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
        12⤵
        
        PID:14084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        11⤵
        
        PID:10632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        10⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        9⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        8⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44698.exe
        9⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        10⤵
        
        PID:11128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        10⤵
        
        PID:11452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
        9⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 220
        8⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 220
        7⤵
        Program crash
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43572.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
        11⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        12⤵
        
        PID:12388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
        12⤵
        
        PID:13780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17584.exe
        10⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe
        11⤵
        
        PID:11176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
        12⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        11⤵
        
        PID:11968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
        8⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-380.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51621.exe
        10⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        11⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        11⤵
        
        PID:13220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        9⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        9⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        10⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        10⤵
        
        PID:12532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
        9⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 220
        8⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        Program crash
        
        PID:3512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
        6⤵
        Program crash
        
        PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47793.exe
        6⤵
        Executes dropped EXE
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
        10⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38290.exe
        11⤵
        
        PID:11140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        12⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        11⤵
        
        PID:12148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        10⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
        9⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
        7⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        8⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        9⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
        10⤵
        
        PID:11792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
        10⤵
        
        PID:12760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        9⤵
        
        PID:9924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        8⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        7⤵
        
        PID:4396
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
        6⤵
        Program crash
        
        PID:2684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        5⤵
        Program crash
        
        PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25493.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16499.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62658.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42404.exe
        9⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        11⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20994.exe
        12⤵
        
        PID:10732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17573.exe
        13⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
        11⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
        10⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        9⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        11⤵
        
        PID:11384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
        11⤵
        
        PID:12176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        8⤵
        Program crash
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22372.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8808.exe
        10⤵
        
        PID:8344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        11⤵
        
        PID:11364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
        10⤵
        
        PID:10036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        7⤵
        Program crash
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20194.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6847.exe
        10⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27500.exe
        11⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        10⤵
        
        PID:11492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
        8⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15678.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        8⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        9⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        10⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 220
        10⤵
        
        PID:13228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
        9⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        8⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        7⤵
        Program crash
        
        PID:4108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        6⤵
        Program crash
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2679.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62565.exe
        9⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        10⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        11⤵
        
        PID:11616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
        11⤵
        
        PID:12644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 220
        10⤵
        
        PID:9312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45798.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        9⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        11⤵
        
        PID:10128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
        10⤵
        
        PID:11888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        9⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        8⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
        7⤵
        Program crash
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27608.exe
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23567.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        9⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        10⤵
        
        PID:11868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
        11⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        10⤵
        
        PID:12980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
        8⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10411.exe
        7⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9223.exe
        8⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        9⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        10⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        9⤵
        
        PID:11332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        8⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        7⤵
        
        PID:6928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        6⤵
        Program crash
        
        PID:3684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
        5⤵
        Program crash
        
        PID:3044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45359.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60432.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        10⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        11⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        12⤵
        
        PID:11916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47204.exe
        13⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        12⤵
        
        PID:12832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        11⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39613.exe
        10⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9564.exe
        11⤵
        
        PID:13556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
        11⤵
        
        PID:14112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        10⤵
        
        PID:10928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 220
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 220
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2912.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
        8⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 188
        9⤵
        Program crash
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        8⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        7⤵
        Program crash
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        10⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
        11⤵
        
        PID:13804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        9⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        8⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58564.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        9⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        10⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52087.exe
        11⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        10⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        9⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        8⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        7⤵
        
        PID:5036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        6⤵
        Program crash
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24310.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63213.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1371.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48621.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        9⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59512.exe
        10⤵
        
        PID:11952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        11⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 220
        10⤵
        
        PID:12844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        9⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        7⤵
        
        PID:4624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
        6⤵
        Program crash
        
        PID:3628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        5⤵
        Program crash
        
        PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe
        9⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
        10⤵
        
        PID:8784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        11⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 220
        11⤵
        
        PID:12356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
        9⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11978.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27319.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        9⤵
        
        PID:9540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        10⤵
        
        PID:12804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9540 -s 236
        10⤵
        
        PID:14044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        9⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11314.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
        9⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        10⤵
        
        PID:11468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        10⤵
        
        PID:12428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 220
        9⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        8⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21739.exe
        7⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
        8⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        9⤵
        
        PID:11756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        9⤵
        
        PID:12736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        8⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        
        PID:6648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        6⤵
        Program crash
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58465.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27952.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
        8⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        9⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50296.exe
        10⤵
        
        PID:13704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
        10⤵
        
        PID:14124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
        9⤵
        
        PID:10752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        8⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        6⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        7⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
        8⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        9⤵
        
        PID:12152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 220
        9⤵
        
        PID:12576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        8⤵
        
        PID:10292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        7⤵
        
        PID:7776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
        6⤵
        
        PID:5868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        5⤵
        Program crash
        
        PID:2056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
      4⤵
      Program crash
      PID:2732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2332
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
  2⤵
  - Program crash
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18601.exe

Filesize
184KB

MD5
58997d8b44814d17eec1f79fc19b3c57

SHA1
e51aa1e5e8652b8a782cc050f0ab00ac5de45a28

SHA256
ec0a3c3e0eeb936b4ec84f422aba060b6012db52f7c2ac17494491c0aeb90687

SHA512
a5537ee8f4d809820918426db6ecdf4874d27b142df904b72078aecb189736f394470f8cf5caa0416d2a5cca7e83740906476bb61300845bdcc321872b4ca3ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe

Filesize
184KB

MD5
5d23c5c7cf91ae98ac49aa4f19e77309

SHA1
48da0dd9dfc9793592d11aab5de6b3ee7ab0a2ef

SHA256
0813a127925ea48f571e5003fa885132540dccf25793c989101f86a9cf3c9b75

SHA512
e38ae75b136b57fa1319406958c0a6a5db8e278436612c35b93a768b51b135b295bcf2f43cbbdc2bec1f00697a201244492302a3e7626402cdb05537119556ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24450.exe

Filesize
184KB

MD5
32651ce4018d03bf09fd1407bbb18f61

SHA1
d44ead23ea4b7d2fbf68be20662aaabdcebf40fe

SHA256
ff31154ee93d21f7cead0c09c824ef481622318e5e3727777ef11ce34d224157

SHA512
86371db0785d6cf5ee6fd71017cda7624c6817c6152b4f961ee00dc32f0a95edb777c15928fe0368aae64c7f1a7ba4f2f4fddaa0c923c406964fd1079c5c38c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe

Filesize
184KB

MD5
1f7c21aa77f256ff37485ca8fb7cd459

SHA1
53785e4889d735ada65296f7f5e42007ad7de3ea

SHA256
a0860d5666233b7d6fc4de984facc74531d54c85cb591891ee4dcf6c13778b8e

SHA512
3f809eb50085b91cb045bce1b8c6b027f97209fc9bdc8727c04f059a2071e343a72138d130efe34da154464c6025f770abcff535d0ba9540b7ce1f7a254bc04a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe

Filesize
184KB

MD5
fc84f132ab8b44bda7c60546ed0b4be5

SHA1
9e3c96b94fd38f0acbe330d4a9e4323e925cd625

SHA256
3d991d3709ced4889fa18dee925f83db33a86c6d872602b484bbcb9241c0b8cc

SHA512
75295125154fe45b824e23a9477d83cfaa667f0f3dae6d417dc769e19ae0b89bc97b4aedfdf86efb1524ff9bb434be0ea7580f09b43d171685300ef5a981549c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48400.exe

Filesize
184KB

MD5
12b55b4849536354f4e95455a6ce7814

SHA1
a3c171ab95b3bec184dce979162e7f3e26dbb5f2

SHA256
98ef29c5d75f1e6678cedc8c5fee752a95e43af159058e02d16b277af3811308

SHA512
7fd880c28eecca6a6936323f0e2b69ccb5590eacd8fe959991b19d014af7d5f4e15afe20e1d43ccd7bf98b2d54d8796bf6cca0154850191c1604914c30159f74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe

Filesize
184KB

MD5
ba22b358c672f43d37f6ebfa3e002106

SHA1
fcff3ec0869f329f973feeb3db99bbe1e2edfbdb

SHA256
bf7f00efd69b59d1e9fdc38423e04e6a2c1a5a6904b7d6ddb8d35da03a31fda9

SHA512
df13d091d05221b870d009a672db0bbbe3f3457d578154132c9992224fa3d15649702b59b117180f6dc787d0ace6012bfa95cb6ce91f6959d2d73801bfbbaa4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe

Filesize
184KB

MD5
3b0fb76eedcc05f55d88b6e425222112

SHA1
fcc0d20e13e76dbb82e18f38eb22858a97b932b0

SHA256
bfd7c2d15b4471bf080617c7b2664cc5abf2e06d134c3e2d9d3a7d2dc02d66d3

SHA512
fb5e036dea85858735b8aaa1a34aa07c3ba3c31b737950305f1eb81ec1032129b64d0fc861f82e691168a89f51a86824b3df141fab6dc049498b684099d164ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63178.exe

Filesize
184KB

MD5
4e5faf5d85fd1348fabdc3a22477f5a0

SHA1
7f856ccb1ec85224761826573a591585a1af24de

SHA256
f49352b891e0ab962350d536fcd52660e4f2cd8cac13f2b810ad9f66534cb4ee

SHA512
9e34d28c4ce01da2781b34f630bb7b844b153f0dea240de15416bd81badb0b3117fb7b14ed7149c604105a10e70b7cfe6cecc1a8d77d1a894dea8c13bee3f24f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe

Filesize
184KB

MD5
4f22b725fdf709ef821e719c45306ebe

SHA1
c2e59422d86126459dafae6c9621c03a2a51ad3f

SHA256
7db75c8d657aff87fd2455779f64eed8b1b695203efd4b8ff2c36d7a1e23da89

SHA512
6e1ed00db32d9796e59bfa5c73ad3e8d6fe4f2cbc160b87be10c93fb86a0b95cc7f04bd5ff0bf462ed79e39da3848ba210e859cec97024af71807e07bef4a5df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe

Filesize
184KB

MD5
7135b548a10e2cb83356d91e01ea2bca

SHA1
600cbd1f56e8f594361e55210979d866b06fd8f4

SHA256
eaf23c3bd4025eddc8ec7cd693e179855378a665cf5e516a8874e97489a80539

SHA512
b9542f2513592bb05792295f0de76ae7ec0cf88daaea16b3cec461e97def043d231d3ed5266fc313e0a779c74c1180acadeb525b7f5e9fe768b1e4800e7b4e8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33299.exe

Filesize
184KB

MD5
0079f6224afbf246d626106c0f9ee3ce

SHA1
52fa5d966a38a916005648ce36bc878c580f84b0

SHA256
6f07080847ce25e7605415d7994a6f0ba4a329dd6ea34f9b29eae00f47cdfcc9

SHA512
030fa9a437ad19e385a1f6139d75b10dbd924994d61c66a2caa6ce2717c815b3b73ea358fba3a274ab0d8082e612457dfaba3e163b3a15b758b2cabc56581a23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe

Filesize
184KB

MD5
2bb97b5f2f4df682b8aed4060cd4d034

SHA1
c92fad97bfa90144f0a36b75157b4e276c40a67c

SHA256
94cd4dd87ed4ab24b967068432c9d5e0f548312aa1866ed789bee37e293f154d

SHA512
e8b928db26efd0a88e4b79ea93c37b97d6015608746169ee73c1e88ffc308f5952b88c2fc4d55b900d035ab74efc57d41db4aef0eb388df3118929980ed6b97a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48234.exe

Filesize
184KB

MD5
e532b5ebc701f707da31dad56b7cb115

SHA1
54f6c26c0cc8b1b788fbd5ffdf580e6dbbf8590f

SHA256
76939de1668d3b40078a30aea18b1aa9e0c5d8cc4059edd90ff60bcc7b9cdacd

SHA512
47cacff449e5811e782e4cc9ae9681d838c12294cf5b0582534ca1b8ec0438e6551e1ba8818decd486c95b3139b9e3841df7c6cd73f87d608b5c85dfba91d793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe

Filesize
184KB

MD5
9215edff00f6425d6beb5a8c0d1aa41c

SHA1
f979cf8cfbe00fe34b80e5b7f774dc6db25e596b

SHA256
f73231c35f416ef9d1951d01094a9653ba0eccf09f3505ca6a063f94667dce2e

SHA512
bd5be89919369ebb318cc8f497f612d34d5e7538ce888ddac94bdba7a4174b11cf48af387e822e47b8621092162ac4ecdfcff5ea393a43c24b3d6d770f973dd6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56402.exe

Filesize
184KB

MD5
eb80eed5248b6d490a7c71ec12fe2dc4

SHA1
b02459c146355624797b3cebe793a322c1f6c037

SHA256
1d48ed31637855468cb81dacf070551ad82b7b75f549199a9e4170f9dcda00fe

SHA512
e61f1deccccc75492e15986ded765222e51f04d00297a9c7a4e333dd58d5393476b71b6d1e587823cc41686297d012efbe7b31b49111db334b6a59a964d22c62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe

Filesize
184KB

MD5
d41dacaaa8548da41e8ba4b31bb85a99

SHA1
95e533e14b0315fd16b2bca9bfcfe7f985e4306f

SHA256
a5c52b8b2919fbee0fc06f9a0221e4d4a2088f43b5a02acc3ed1a97f0ccb808e

SHA512
038b7e39d146596997df3d3faf04eea920fe9abc90e39b08e1fe093b086d034b9427bd16abd11b5696ff0becc9aa59ccb14b6e7dc9bc409005a703c3555c3eb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe

Filesize
184KB

MD5
48f3f5c312c50d42d6d9645650bdd59b

SHA1
d4636cabdcec2dc27756f8e5dc8b97349bb829b2

SHA256
019e37a90956f4b6321e7d027f3fcb10d47d21c0c6f42fe2b0fb7e615f22abe7

SHA512
4e696be6ea00b2a22fb24b4f68d1c8a1446459cd7fbea36aa1eb6ec20ad9f9bddbabed6dad22d2c05e42049d069b3f1ff33a49212bda15ac3c3f8393f4fd02e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe

Filesize
184KB

MD5
4d10ce4deefb3baf775f6fec4644efb2

SHA1
8eb38c3c44981c53b95a31c04401049260fc3317

SHA256
85e6ee82c5dd0872f10c8e11d0a2e3889931379fc75a711b5b53ba996c2853b2

SHA512
de4ffeb286adcbe778e66abbb55c5b8efdf34faa3e950b812fd596086521c02759794cf0c740b1f97855ea5eada4f72be5f1d448b80836e8db4a32d50c0443f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe

Filesize
184KB

MD5
bc16e649d5d6e08c1a7ffc1a15b3612e

SHA1
5fc3f6b04dbb28539d11c890b888e20f3e9fdcd8

SHA256
b58e4f4108c07225f3883e441ff967942d44265ffb6f588d0fe2f71cc3d1a955

SHA512
31af11c4bd9a7edc6e79465ee8e7941319666a6a68edcf4d756ff26bcfa1d6f79b11f496ecee5bd5a0f3f6b2060bcfc908e2505681e87d4826d19b06af5c8d79

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads