ef43b6581bb8c001f201dfb7f25956d649efcab0831de36aa8cbe4d4c4ff73fa

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
03-06-2024 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
Size

184KB
MD5

9550d51ad8acab30c35706ea7d29ece0
SHA1

3893235e57f5f5b2096f3e9aa0f23f34922aa147
SHA256

ef43b6581bb8c001f201dfb7f25956d649efcab0831de36aa8cbe4d4c4ff73fa
SHA512

d0977868f6b9530f30d752b53be5e7ac1fb3d02e920ca9a1f012bda42100733ef7027efa786a026572c0f1bc0458aa0338edf42f57534376638d5dc187ed0fbb
SSDEEP

1536:rBZW6jzLx1P+o/x16CRAqHwhZm9yCZc81md3dWZR2V3Ltfhl5hj5Yizpvg:Nj11P+oJoCRvAZILejWZROhfhlnWiFY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3040	Unicorn-41051.exe
3020	Unicorn-15275.exe
3032	Unicorn-49572.exe
2868	Unicorn-40590.exe
2724	Unicorn-53397.exe
2576	Unicorn-51223.exe
780	Unicorn-38808.exe
1924	Unicorn-54651.exe
2720	Unicorn-21595.exe
2232	Unicorn-1729.exe
2412	Unicorn-37693.exe
608	Unicorn-35616.exe
2856	Unicorn-38653.exe
644	Unicorn-29970.exe
1780	Unicorn-49836.exe
2328	Unicorn-3292.exe
1084	Unicorn-48772.exe
1828	Unicorn-52439.exe
444	Unicorn-19636.exe
3024	Unicorn-7213.exe
2924	Unicorn-58801.exe
2244	Unicorn-59377.exe
968	Unicorn-59377.exe
1364	Unicorn-39511.exe
2072	Unicorn-56725.exe
1644	Unicorn-11053.exe
576	Unicorn-11629.exe
1412	Unicorn-2070.exe
1596	Unicorn-51775.exe
1808	Unicorn-6103.exe
2496	Unicorn-39352.exe
3044	Unicorn-26171.exe
2668	Unicorn-56383.exe
2848	Unicorn-43960.exe
2988	Unicorn-57343.exe
2544	Unicorn-11697.exe
2516	Unicorn-23134.exe
2640	Unicorn-44946.exe
1580	Unicorn-24888.exe
1684	Unicorn-25979.exe
2772	Unicorn-58651.exe
1284	Unicorn-58137.exe
2728	Unicorn-51957.exe
1032	Unicorn-16955.exe
1232	Unicorn-36306.exe
1972	Unicorn-63202.exe
2560	Unicorn-64666.exe
2880	Unicorn-45123.exe
1520	Unicorn-31043.exe
3028	Unicorn-35450.exe
1440	Unicorn-61578.exe
1372	Unicorn-3929.exe
1628	Unicorn-64676.exe
2212	Unicorn-19005.exe
2096	Unicorn-13856.exe
1728	Unicorn-49181.exe
1456	Unicorn-28268.exe
2256	Unicorn-41501.exe
2624	Unicorn-55460.exe
2844	Unicorn-18860.exe
2776	Unicorn-940.exe
2816	Unicorn-2030.exe
2520	Unicorn-52108.exe
2540	Unicorn-47510.exe

Loads dropped DLL 64 IoCs

pid	Process
1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
3040	Unicorn-41051.exe
3040	Unicorn-41051.exe
1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
3020	Unicorn-15275.exe
3020	Unicorn-15275.exe
3040	Unicorn-41051.exe
3040	Unicorn-41051.exe
3032	Unicorn-49572.exe
3032	Unicorn-49572.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2992	WerFault.exe
2724	Unicorn-53397.exe
2724	Unicorn-53397.exe
2868	Unicorn-40590.exe
2868	Unicorn-40590.exe
2576	Unicorn-51223.exe
3032	Unicorn-49572.exe
2576	Unicorn-51223.exe
3032	Unicorn-49572.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
316	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
780	Unicorn-38808.exe
780	Unicorn-38808.exe
2724	Unicorn-53397.exe
2724	Unicorn-53397.exe
1924	Unicorn-54651.exe
1924	Unicorn-54651.exe
2868	Unicorn-40590.exe
2232	Unicorn-1729.exe
2868	Unicorn-40590.exe
2232	Unicorn-1729.exe
2720	Unicorn-21595.exe
2720	Unicorn-21595.exe
2576	Unicorn-51223.exe
2576	Unicorn-51223.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
572	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2908	1712	WerFault.exe	27
2992	3040	WerFault.exe	28
316	3020	WerFault.exe	29
1964	3032	WerFault.exe	30
1632	2724	WerFault.exe	33
572	2868	WerFault.exe	32
540	2576	WerFault.exe	34
1280	780	WerFault.exe	36
908	1924	WerFault.exe	37
2376	2232	WerFault.exe	39
2160	2720	WerFault.exe	38
1260	2412	WerFault.exe	42
1604	644	WerFault.exe	45
2052	2328	WerFault.exe	47
588	608	WerFault.exe	43
2744	1780	WerFault.exe	46
2132	1084	WerFault.exe	48
2392	2856	WerFault.exe	44
1264	1828	WerFault.exe	52
972	444	WerFault.exe	53
1348	3024	WerFault.exe	54
376	2924	WerFault.exe	55
2600	576	WerFault.exe	61
2248	968	WerFault.exe	57
2664	2072	WerFault.exe	59
2884	1364	WerFault.exe	58
2828	1412	WerFault.exe	62
2548	1644	WerFault.exe	60
2444	2204	WerFault.exe	111
2800	1808	WerFault.exe	67
1548	1188	WerFault.exe	125
1120	1580	WerFault.exe	77
1948	1032	WerFault.exe	82
2712	2496	WerFault.exe	69
3116	2988	WerFault.exe	73
3140	1596	WerFault.exe	68
3272	2516	WerFault.exe	75
3332	2668	WerFault.exe	71
3360	3044	WerFault.exe	70
3368	2544	WerFault.exe	74
3428	2848	WerFault.exe	72
3468	2640	WerFault.exe	76
3476	2560	WerFault.exe	87
3652	2772	WerFault.exe	79
3660	1684	WerFault.exe	78
3684	2728	WerFault.exe	81
3728	1232	WerFault.exe	83
3768	1972	WerFault.exe	84
3800	1284	WerFault.exe	80
3220	2880	WerFault.exe	88
3720	2624	WerFault.exe	104
3752	1728	WerFault.exe	100
3860	2256	WerFault.exe	103
3876	1628	WerFault.exe	98
3908	1440	WerFault.exe	92
3912	2212	WerFault.exe	99
3180	2540	WerFault.exe	109
3560	1076	WerFault.exe	114
3580	2196	WerFault.exe	112
3556	2520	WerFault.exe	108
3716	2844	WerFault.exe	105
3896	2172	WerFault.exe	119
3960	688	WerFault.exe	117
4004	2452	WerFault.exe	113

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
3040	Unicorn-41051.exe
3020	Unicorn-15275.exe
3032	Unicorn-49572.exe
2868	Unicorn-40590.exe
2724	Unicorn-53397.exe
2576	Unicorn-51223.exe
780	Unicorn-38808.exe
1924	Unicorn-54651.exe
2232	Unicorn-1729.exe
2720	Unicorn-21595.exe
2412	Unicorn-37693.exe
608	Unicorn-35616.exe
644	Unicorn-29970.exe
1780	Unicorn-49836.exe
2856	Unicorn-38653.exe
2328	Unicorn-3292.exe
1084	Unicorn-48772.exe
1828	Unicorn-52439.exe
444	Unicorn-19636.exe
3024	Unicorn-7213.exe
2924	Unicorn-58801.exe
2244	Unicorn-59377.exe
1644	Unicorn-11053.exe
968	Unicorn-59377.exe
2072	Unicorn-56725.exe
1364	Unicorn-39511.exe
576	Unicorn-11629.exe
1412	Unicorn-2070.exe
1596	Unicorn-51775.exe
1808	Unicorn-6103.exe
2496	Unicorn-39352.exe
3044	Unicorn-26171.exe
2668	Unicorn-56383.exe
2848	Unicorn-43960.exe
2988	Unicorn-57343.exe
2544	Unicorn-11697.exe
2516	Unicorn-23134.exe
2640	Unicorn-44946.exe
1580	Unicorn-24888.exe
2772	Unicorn-58651.exe
1684	Unicorn-25979.exe
2728	Unicorn-51957.exe
1284	Unicorn-58137.exe
1232	Unicorn-36306.exe
1032	Unicorn-16955.exe
1972	Unicorn-63202.exe
2560	Unicorn-64666.exe
2880	Unicorn-45123.exe
1520	Unicorn-31043.exe
3028	Unicorn-35450.exe
1440	Unicorn-61578.exe
1372	Unicorn-3929.exe
2212	Unicorn-19005.exe
1628	Unicorn-64676.exe
2096	Unicorn-13856.exe
1728	Unicorn-49181.exe
1456	Unicorn-28268.exe
2256	Unicorn-41501.exe
2624	Unicorn-55460.exe
2776	Unicorn-940.exe
2844	Unicorn-18860.exe
2816	Unicorn-2030.exe
2540	Unicorn-47510.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3040	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 3040	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 3040	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	28
PID 1712 wrote to memory of 3040	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	28
PID 3040 wrote to memory of 3020	3040	Unicorn-41051.exe	29
PID 3040 wrote to memory of 3020	3040	Unicorn-41051.exe	29
PID 3040 wrote to memory of 3020	3040	Unicorn-41051.exe	29
PID 3040 wrote to memory of 3020	3040	Unicorn-41051.exe	29
PID 1712 wrote to memory of 3032	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	30
PID 1712 wrote to memory of 3032	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	30
PID 1712 wrote to memory of 3032	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	30
PID 1712 wrote to memory of 3032	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	30
PID 1712 wrote to memory of 2908	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	31
PID 1712 wrote to memory of 2908	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	31
PID 1712 wrote to memory of 2908	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	31
PID 1712 wrote to memory of 2908	1712	9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe	31
PID 3020 wrote to memory of 2868	3020	Unicorn-15275.exe	32
PID 3020 wrote to memory of 2868	3020	Unicorn-15275.exe	32
PID 3020 wrote to memory of 2868	3020	Unicorn-15275.exe	32
PID 3020 wrote to memory of 2868	3020	Unicorn-15275.exe	32
PID 3040 wrote to memory of 2724	3040	Unicorn-41051.exe	33
PID 3040 wrote to memory of 2724	3040	Unicorn-41051.exe	33
PID 3040 wrote to memory of 2724	3040	Unicorn-41051.exe	33
PID 3040 wrote to memory of 2724	3040	Unicorn-41051.exe	33
PID 3032 wrote to memory of 2576	3032	Unicorn-49572.exe	34
PID 3032 wrote to memory of 2576	3032	Unicorn-49572.exe	34
PID 3032 wrote to memory of 2576	3032	Unicorn-49572.exe	34
PID 3032 wrote to memory of 2576	3032	Unicorn-49572.exe	34
PID 3040 wrote to memory of 2992	3040	Unicorn-41051.exe	35
PID 3040 wrote to memory of 2992	3040	Unicorn-41051.exe	35
PID 3040 wrote to memory of 2992	3040	Unicorn-41051.exe	35
PID 3040 wrote to memory of 2992	3040	Unicorn-41051.exe	35
PID 2724 wrote to memory of 780	2724	Unicorn-53397.exe	36
PID 2724 wrote to memory of 780	2724	Unicorn-53397.exe	36
PID 2724 wrote to memory of 780	2724	Unicorn-53397.exe	36
PID 2724 wrote to memory of 780	2724	Unicorn-53397.exe	36
PID 2868 wrote to memory of 1924	2868	Unicorn-40590.exe	37
PID 2868 wrote to memory of 1924	2868	Unicorn-40590.exe	37
PID 2868 wrote to memory of 1924	2868	Unicorn-40590.exe	37
PID 2868 wrote to memory of 1924	2868	Unicorn-40590.exe	37
PID 2576 wrote to memory of 2720	2576	Unicorn-51223.exe	38
PID 2576 wrote to memory of 2720	2576	Unicorn-51223.exe	38
PID 2576 wrote to memory of 2720	2576	Unicorn-51223.exe	38
PID 2576 wrote to memory of 2720	2576	Unicorn-51223.exe	38
PID 3032 wrote to memory of 2232	3032	Unicorn-49572.exe	39
PID 3032 wrote to memory of 2232	3032	Unicorn-49572.exe	39
PID 3032 wrote to memory of 2232	3032	Unicorn-49572.exe	39
PID 3032 wrote to memory of 2232	3032	Unicorn-49572.exe	39
PID 3020 wrote to memory of 316	3020	Unicorn-15275.exe	40
PID 3020 wrote to memory of 316	3020	Unicorn-15275.exe	40
PID 3020 wrote to memory of 316	3020	Unicorn-15275.exe	40
PID 3020 wrote to memory of 316	3020	Unicorn-15275.exe	40
PID 3032 wrote to memory of 1964	3032	Unicorn-49572.exe	41
PID 3032 wrote to memory of 1964	3032	Unicorn-49572.exe	41
PID 3032 wrote to memory of 1964	3032	Unicorn-49572.exe	41
PID 3032 wrote to memory of 1964	3032	Unicorn-49572.exe	41
PID 780 wrote to memory of 2412	780	Unicorn-38808.exe	42
PID 780 wrote to memory of 2412	780	Unicorn-38808.exe	42
PID 780 wrote to memory of 2412	780	Unicorn-38808.exe	42
PID 780 wrote to memory of 2412	780	Unicorn-38808.exe	42
PID 2724 wrote to memory of 608	2724	Unicorn-53397.exe	43
PID 2724 wrote to memory of 608	2724	Unicorn-53397.exe	43
PID 2724 wrote to memory of 608	2724	Unicorn-53397.exe	43
PID 2724 wrote to memory of 608	2724	Unicorn-53397.exe	43

C:\Users\Admin\AppData\Local\Temp\9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\9550d51ad8acab30c35706ea7d29ece0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3158.exe
        11⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        12⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
        13⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21170.exe
        14⤵
        
        PID:10596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        14⤵
        
        PID:11832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
        13⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
        12⤵
        
        PID:6808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        11⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        10⤵
        Program crash
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        10⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52600.exe
        11⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28250.exe
        12⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        13⤵
        
        PID:12184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 236
        12⤵
        
        PID:9836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        10⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        9⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
        10⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 220
        11⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
        10⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39898.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        11⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        12⤵
        
        PID:10500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2392.exe
        13⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
        12⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        8⤵
        Program crash
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
        11⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 212
        12⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        11⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
        10⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
        9⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35898.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
        10⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        11⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
        12⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        13⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
        12⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        10⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        9⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        8⤵
        Program crash
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        7⤵
        Program crash
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        10⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        11⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        12⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        13⤵
        
        PID:11796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
        13⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
        12⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        11⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        9⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
        10⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        11⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27540.exe
        12⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        12⤵
        
        PID:10276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
        10⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
        9⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2340.exe
        11⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        12⤵
        
        PID:10880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        13⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
        12⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        10⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        8⤵
        Program crash
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5548.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        10⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        12⤵
        
        PID:10312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 220
        12⤵
        
        PID:11724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        11⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
        9⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 216
        8⤵
        Program crash
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
        7⤵
        Program crash
        
        PID:2828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        10⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        11⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
        12⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
        13⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
        13⤵
        
        PID:10700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        10⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60438.exe
        9⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        11⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        12⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54075.exe
        13⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
        12⤵
        
        PID:11504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        9⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45562.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
        10⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        11⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
        12⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        13⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
        12⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 220
        11⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
        9⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        9⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44361.exe
        10⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
        11⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        12⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        13⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        8⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
        7⤵
        Program crash
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59074.exe
        9⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        11⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16994.exe
        12⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
        12⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
        10⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        8⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28752.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        11⤵
        
        PID:10692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
        11⤵
        
        PID:11936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        10⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
        7⤵
        Program crash
        
        PID:3332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
        6⤵
        Program crash
        
        PID:1604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        9⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        10⤵
        Program crash
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
        10⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        11⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
        12⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        13⤵
        
        PID:10712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 220
        13⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 236
        10⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        9⤵
        Program crash
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18329.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        10⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        11⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        12⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33220.exe
        13⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        14⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 236
        13⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 220
        12⤵
        
        PID:2104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        11⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        10⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27381.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
        11⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        12⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
        13⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
        12⤵
        
        PID:11684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        10⤵
        
        PID:6672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        8⤵
        Program crash
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18090.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        9⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        12⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        12⤵
        
        PID:10740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        11⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        10⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        10⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        11⤵
        
        PID:11008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
        11⤵
        
        PID:11328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        10⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
        8⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        7⤵
        Program crash
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
        8⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18789.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46946.exe
        12⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        13⤵
        
        PID:10888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
        13⤵
        
        PID:11180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 220
        12⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        11⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        10⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18861.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
        11⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        12⤵
        
        PID:10896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        13⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
        12⤵
        
        PID:10324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 204
        11⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        10⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
        9⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46443.exe
        9⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        12⤵
        
        PID:11136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
        12⤵
        
        PID:11532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 220
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
        10⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        8⤵
        Program crash
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11929.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20869.exe
        9⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        10⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        10⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        11⤵
        
        PID:10968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        12⤵
        
        PID:900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
        11⤵
        
        PID:12016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 220
        10⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        9⤵
        
        PID:7124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        8⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        7⤵
        Program crash
        
        PID:3140
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
        6⤵
        Program crash
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24413.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        11⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34458.exe
        12⤵
        
        PID:9740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
        13⤵
        
        PID:12136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 236
        12⤵
        
        PID:10288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
        11⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 216
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        9⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        10⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        11⤵
        
        PID:10644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        11⤵
        
        PID:10804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
        10⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42681.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        9⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56284.exe
        11⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        12⤵
        
        PID:12228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
        11⤵
        
        PID:10964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 220
        10⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        8⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54026.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1793.exe
        8⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41028.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        10⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64933.exe
        11⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
        11⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
        10⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        8⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        7⤵
        Program crash
        
        PID:3908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
        6⤵
        Program crash
        
        PID:972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        5⤵
        Program crash
        
        PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-108.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48493.exe
        11⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        12⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        13⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
        12⤵
        
        PID:10656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 220
        11⤵
        
        PID:9376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        9⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        Program crash
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        7⤵
        
        PID:1764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 220
        8⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36757.exe
        9⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
        10⤵
        
        PID:8396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        11⤵
        
        PID:12216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
        11⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        10⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        9⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        7⤵
        Program crash
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34511.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7329.exe
        9⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2011.exe
        10⤵
        
        PID:8164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8529.exe
        11⤵
        
        PID:10436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
        11⤵
        
        PID:11764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        10⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 220
        9⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        8⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11393.exe
        9⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        10⤵
        
        PID:10872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        10⤵
        
        PID:10352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 220
        9⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        8⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        7⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        7⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41242.exe
        8⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46886.exe
        9⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41681.exe
        10⤵
        
        PID:10364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
        10⤵
        
        PID:11100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        9⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
        8⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
        7⤵
        
        PID:4936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        6⤵
        Program crash
        
        PID:3272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
        5⤵
        Program crash
        
        PID:588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1632
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        10⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        11⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63051.exe
        12⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        13⤵
        
        PID:10552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
        13⤵
        
        PID:10572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        12⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        10⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        9⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28680.exe
        9⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9385.exe
        11⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
        12⤵
        
        PID:10296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 220
        12⤵
        
        PID:11664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 220
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        10⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        9⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47936.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
        11⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        12⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
        13⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
        12⤵
        
        PID:10248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        11⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        8⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        9⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
        10⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        11⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
        12⤵
        
        PID:12276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        11⤵
        
        PID:11256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
        9⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        8⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        7⤵
        Program crash
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53085.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        10⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        11⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        12⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        13⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
        12⤵
        
        PID:11052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12934.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        10⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        11⤵
        
        PID:10676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9123.exe
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
        11⤵
        
        PID:10904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62583.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
        10⤵
        
        PID:7348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        11⤵
        
        PID:10580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
        12⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
        11⤵
        
        PID:10608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
        10⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        8⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        7⤵
        Program crash
        
        PID:3116
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        6⤵
        Program crash
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39511.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44969.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18757.exe
        10⤵
        
        PID:5496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
        11⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe
        12⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        13⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        12⤵
        
        PID:11700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
        11⤵
        
        PID:9224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
        9⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60972.exe
        9⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35973.exe
        10⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        11⤵
        
        PID:10992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        12⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        8⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20439.exe
        10⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22932.exe
        11⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 220
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
        8⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        7⤵
        Program crash
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37197.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49463.exe
        10⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        11⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
        12⤵
        
        PID:12240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 220
        11⤵
        
        PID:11948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 220
        10⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        9⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
        7⤵
        Program crash
        
        PID:3180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        6⤵
        Program crash
        
        PID:2884
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        5⤵
        Program crash
        
        PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        7⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        9⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27242.exe
        10⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
        12⤵
        
        PID:10524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 220
        12⤵
        
        PID:11800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 220
        11⤵
        
        PID:9468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        10⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        9⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
        8⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        8⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        9⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        10⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        11⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
        12⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        11⤵
        
        PID:11416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        10⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        9⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
        7⤵
        Program crash
        
        PID:3728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        6⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        Program crash
        
        PID:2444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        6⤵
        Program crash
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25414.exe
        6⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        10⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        11⤵
        
        PID:11152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2768.exe
        12⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
        11⤵
        
        PID:11620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        10⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        8⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
        8⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        9⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57472.exe
        10⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        11⤵
        
        PID:12196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
        10⤵
        
        PID:10848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        9⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        8⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        7⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44169.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        9⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38885.exe
        10⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
        11⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
        10⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        9⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        8⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        7⤵
        
        PID:4580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        6⤵
        Program crash
        
        PID:3768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        5⤵
        Program crash
        
        PID:2132
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27362.exe
        9⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
        12⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        13⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:10672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 204
        11⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
        10⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
        8⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        8⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44937.exe
        9⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        11⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        12⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        11⤵
        
        PID:10732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 220
        10⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        9⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
        8⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
        7⤵
        Program crash
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38412.exe
        6⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50309.exe
        8⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
        9⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        10⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        11⤵
        
        PID:10928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        12⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
        11⤵
        
        PID:12008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 220
        10⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
        9⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        8⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 216
        7⤵
        
        PID:4036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        6⤵
        Program crash
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        6⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        10⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        11⤵
        
        PID:10336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        11⤵
        
        PID:11676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 220
        9⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
        8⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 216
        7⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34103.exe
        7⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10183.exe
        8⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        9⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        10⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2968.exe
        11⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        10⤵
        
        PID:11216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        9⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        8⤵
        
        PID:6756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        7⤵
        
        PID:4316
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        6⤵
        Program crash
        
        PID:3800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220
        5⤵
        Program crash
        
        PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25222.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34893.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16677.exe
        8⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
        9⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
        10⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        11⤵
        
        PID:12264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        10⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        9⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        8⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 216
        7⤵
        Program crash
        
        PID:3580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        8⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        10⤵
        
        PID:11000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 220
        10⤵
        
        PID:11336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        9⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        8⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        7⤵
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        6⤵
        Program crash
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53855.exe
        6⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1622.exe
        7⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57739.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        9⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3552.exe
        10⤵
        
        PID:11060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
        10⤵
        
        PID:11548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        9⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        8⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        7⤵
        
        PID:4364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        6⤵
        Program crash
        
        PID:4004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        5⤵
        Program crash
        
        PID:2664
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
      4⤵
      Program crash
      PID:2376
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
  2⤵
  - Program crash
  PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe

Filesize
184KB

MD5
357b980dedeaa64a7077edbac94f3f41

SHA1
670bdc83282ebaf2e374ed3e4c6aed02fd669715

SHA256
3c2f02a103314b04e5a15293aaa4d490478c9d294d8ab6c507dd5f75ef55f677

SHA512
54fa92e4edc561a31b5d6a1665bac38de2b7dcca7be518b320aee96e2b4b9fb6c13a5367d48e1310e4aa39a8577e0b340e4610277dbbe2998fb98325049c7c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe

Filesize
184KB

MD5
f41cee415789d074dce2e5cf0753d9b3

SHA1
8306d1b9f47b8e756bbcf160077816d3cb09051a

SHA256
d50f3cf15f4114fbfb47ecb50abeea2bc7dec0917cd27db34b8a90211f05c62f

SHA512
469a57baf213ac8a4ab06da5ec46f8b2b1e96b635b8c42e289dc33b8db11c3d649f680020778613fa5f21931622c150e35a57801aafef8812950b08d6fbd58d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe

Filesize
184KB

MD5
a7453125c6eef30a07342330df0c219f

SHA1
964b669cdbcf99dfa54e9115fa4d9d63820f024c

SHA256
04f05365edb0c2a41a264e3adbbca1ce404ec3ae7b4c67084f9db374cbe5a665

SHA512
2888ab72739ff92f8fa73f26b507dc7089539b1deb7f3fd4432f84911cd9413b2d7906848b9eb2f36123695f376371f93da1e5477437d54adc134bf697f35116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe

Filesize
184KB

MD5
fc931f15578819449289cbbba40952ac

SHA1
026a9be8bcef0a4226940029f5fa0a47b7c24e00

SHA256
0653b158bf1d54666e80580169e7a61bb4f3495fb0edf9b7fa5a875b80978e2c

SHA512
232cf09c3b4e9d29d6d9a1f74ef599d54419bbcf15ee766c9f7f70957d75ccdfdfa0bdd5a0eb42b6e9f42d49cb3190b302f17304bdd61b6add9640bfa6295a0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe

Filesize
184KB

MD5
e73e7dd0775838cbcb1cdd4a32d3a2fd

SHA1
d6646cefa905cfccc6bdf299d5e8edd2eca485c5

SHA256
9d405627bcd1ecf62fb31f978d9354e7172cc6ab1d823863dbc30ef304a20bbf

SHA512
802e30162786482d337dfe4d6a9d3eec77abd54a550089d88fed44554bdfee824f95f97e647995fe5fd08696e0168d6da40c0de7d0864116714093d9d31ce49d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe

Filesize
184KB

MD5
fd8a7da47430d7e04ed805faed095c67

SHA1
37b82575ba1f76558327db3b548939f10b2b24e3

SHA256
9a0d5418a688dd875f2e8a89997894d53b1eb336e301d81ed519d37d4943b778

SHA512
7396ac279f64b4d7a75ffb14ec8f57a59233b7cc70c2f3847728c7ce3a884d991c782a940c97f06f8e80a5263dad8e10cb8d8a0298e7d5645172e360663a81b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43314.exe

Filesize
184KB

MD5
6482e8a746af4d8f3214ee0c24b4acfc

SHA1
9d7f6930e3d85dc4c3edcc17e477234c0d58b807

SHA256
d62edf0549e634b43b85fd18db4460b754b092056f3ed1469af8c07b36ebe660

SHA512
fede04826f27729e9e0cc8b0009b772d9c5be89267eaab4c890310294498b9fc484d970de22f376f8acce0933c220b9576371e72d34d30c049f7be6dc4670ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe

Filesize
184KB

MD5
924118a945de2bac526e7c249eee3718

SHA1
8ac3f71d30bed61994fe77f4d59c393a600cea82

SHA256
0f5d761398a649a8ecc290bfeeaac8b549c952daccc6426323b65f0c9d188cdf

SHA512
72ce5cfc4aaa706403441d523dad90e74c1d9ddebd29b8a1f764f6c120d413728bb7e47dafd2efe575d57285266a474df273f775c08c2ccef5997b8c56ac281a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe

Filesize
184KB

MD5
4f840ff5c787632b201e21d5901ff45d

SHA1
7c68d0d3c658d3f857c109d2936a745382b9c7a8

SHA256
5e816636590a52a70651bd91ded7116646ceda81355429610c00d1426c13254e

SHA512
6936eacebcb870f8a2254abf9e8acce06813315257c9e0c193e89aa6cbda9e96547c9a1594a806836fd5f60925c006ff73ad60e39406672010be2a229fbc7b33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe

Filesize
184KB

MD5
45f9fd93af218b28e2dccb10dfef0077

SHA1
a62c94bc12e7c6ed35686bde68e50c82b6e81b3d

SHA256
a6ba47b37f6041fcf201c244555f07b136740d3c1c93c0f0ee91bc884927a9bb

SHA512
6ec50e1d4b4adcc750d8d4ecb25a7e6c374e9a6103910cea1473fa80751cf29b49e75204f366e42302a62fed0b71ee90bf9ec48f53f70f137f98927088dff457

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe

Filesize
184KB

MD5
2939532bf4ad3b297338c3f6f1b50677

SHA1
25bb07cb42317213bffd92c9342d320762574053

SHA256
2d7d3aeda912a7773fd12722cb1b2251b4b216607374cb12ba47356a4b426ebf

SHA512
39b4a648afcc93169f6264670545c9c8543ae7f742c366edc9c92e5c144d3408c585d79fa78703651ae506f80aeb245a126e69ac240e04f4664101ce19b4ea77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe

Filesize
184KB

MD5
21d9c14eb7aebe0b178a2213e4ecc291

SHA1
29114a4838a18745ff38c333f44170f448c4e7ab

SHA256
a3ce8108974b8ddfbb2756b5cf8d215eac1f341bb7b602226d07f35f20b0b661

SHA512
b491e3450068697b57b74a229891407c595900294edace6b8043fb6e5c4be33424ddd06a6237f38485e65e815a7dbb7eff5d2737c15329ca30c249ed363951a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe

Filesize
184KB

MD5
19df94d91fff33aaff656c699ab58b86

SHA1
d55a4e245ea4a4a47616e536c1ece04cd1c5b6ad

SHA256
af22ec364bcc3b385d5ddee198c9e37563208b607b1320ac6ed843728394a4ef

SHA512
aa42aec324ce37c9e957e52f6a7959fb219b46885a699f9b2e6d9c1bdd50de5747706040e54576ee239802145855fe781a5a133e9d5f3613aff317f8ff531478

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe

Filesize
184KB

MD5
c6afb702730469ea9ee7460468dc63e9

SHA1
aba59ead6ce4c2fb0615d1aa84d5edd40354336c

SHA256
1ab57bbc8912052d7035a471dfbd7089c3b003fce327b408c5e7fcff66d40111

SHA512
5f55efd04e0c27ef45df780dd6a60a44b5fd4fb4d07a6c030a70007b2c3323f6deb18557e8674ed8ab3e92cf5230a5c1fd249a8ae0d850ae72bf71cbf5380f12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe

Filesize
184KB

MD5
ebf8eeffd1b2e07fb6dc91a6e0cd6f4f

SHA1
c05d85320c84df2c88bf0817f5dcaf7b0427f1f4

SHA256
a0d899eb9f3d4e3e8cd97693b3c0e6b825aca1226c6a6bd7ec7380be07149814

SHA512
37362082044f907f9acbd6a1c413a48619a6ec5bd37bfe56d9d9e775edd5597e83f0d4b69bfdf50a3ed7bc2a8b18a2ef493b0f438c9cc91070488eac3d1fafc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38653.exe

Filesize
184KB

MD5
cfc54d459606c18697836440e8499c76

SHA1
811ed9d475f72776c589df94b43484f1e7e96058

SHA256
59af75694bb42aaf01baa4256198ece0906ec9f889c5ce9f0b39a334b90588e5

SHA512
23f0bdae08e4c4931def87734ea02d78bff1bc484a0437f5db3db0fab378107182be51fbde7a3197642cfcb535837dd212965e410aba6349d812566626b59847

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe

Filesize
184KB

MD5
43b9785439f5216ddb5a4027bacc1bae

SHA1
338bb6b822547b98f57cc929ff3f185e84264a10

SHA256
142d410a5c809668eb8db4db0cc8215fd0e7e2e0630dd1dd02678872dbd15b35

SHA512
604716a8899e398ae368e8e7a0e8fd6655b5f72b162d1f1f11a8879c2e49c65b9204b3820a0121781b731c2d84748a1ffd1f26ee01071fc97f81c60c3b846a50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe

Filesize
184KB

MD5
f0714c2f876c35c8c5dcbcaac7aa6612

SHA1
99f8e1ca31b12d6be4aea30b4229793de1999dc1

SHA256
e14f74d03f854df147f756fd390f61d42a2ba4b2d8016518d40c212a9dd28feb

SHA512
204b30c83da0fea181166d607315d26dc611eacfe45427e0279e6084c8f99c5ed15d0e11f71f116c3210b6a092385c51c49c6a5cb2a60a5887c6592bdaeb551b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe

Filesize
184KB

MD5
4d49b46c3deac31800be4b1ca36e6cac

SHA1
1b8a8c2a8c7fd9612142612400749b9498d8c6c2

SHA256
8bf0c1182080a7f6ce469a35f5119bd003120ca7a33b917184dcd136c9d30b7d

SHA512
16699378d27bdbc8330af3dbd2862fde6420f5ad64713667d361838ae94fa68c2f43ab876d801727a97012d6b400e6f7bc84b3c561935b4c785ec65460ce1a7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49572.exe

Filesize
184KB

MD5
f14deab9ebcef57ede93b3e5c8a1cfab

SHA1
b8a572db50a5707c731f648119c2b982b9b09ef1

SHA256
e8de389d12b988dcf3ecc62ee2fc37f26864076cac7bbad899daef6602fee9e4

SHA512
ac5e723db1ce300317eacc5a44a17d806f99d2ab83949f3421fb000e9607e316f8824163834e3add7fa8df5e18ee98fd9e47a732921ccd33d436634c86fb5724

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe

Filesize
184KB

MD5
c4885567ebab11f8ab499f259db0c8c6

SHA1
d7c96237351ae5bf1be446a7cbb2a69f1374a044

SHA256
75340e6e45282fe0f13f3949e15875172a368ef39b9582ec0766ce2175ce4387

SHA512
c1acff458a333fb77bdffa14307c4c75097cb23aa2b9f02c2ffc3b473ce896943925cd27a5eb899654f6fa0145ae27b68e3ee90d0f6a6d07e35fbc0bc47952f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53397.exe

Filesize
184KB

MD5
915b0999844f7809df77cfac95c6a6db

SHA1
675bfb1c203904799a768adde42c303aa8d8fdc4

SHA256
a110957fb3a26e219c6947791e5952d9cf24a7fb97bafef1ce408bfcec88b3c0

SHA512
224b92b1b671a5bf9503c9ede48f5bb5396de751df386f597c787a35df488bd664afdb7313ab328bf36c136d91192448b2f8ba5948ad249ff50c680a1d31eb58

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads