53280f194f6716e6b68dbfcfdbd172b08f5417c04a85de73044cb18476b4f0e1

Analysis

max time kernel
151s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 20:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
Size

184KB
MD5

20180e9e7faa5e2ede9d289391dd8f50
SHA1

cd9f00327b445a400eb3dce48c6f5b25b9a5bec7
SHA256

53280f194f6716e6b68dbfcfdbd172b08f5417c04a85de73044cb18476b4f0e1
SHA512

0c275ec9288f657f537ce6b70ec71fc189a1ab42233db29dda0da77f553dbc12d8d3c8b0bde4e2fd9d3942e2b2923318ea048ef569762cf8bad8caab6646f29e
SSDEEP

1536:R7S/6gZAu3yxoPx1tUOAlawMHLIyvZclzmd8xcL02Vzet6hl5hj5VizpLv:5dO3yxoZ7UOTdHEWelcL0Ks6hlnniFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2784	Unicorn-34054.exe
2148	Unicorn-11256.exe
2508	Unicorn-57764.exe
2636	Unicorn-24983.exe
2388	Unicorn-19507.exe
2364	Unicorn-49487.exe
1384	Unicorn-25066.exe
1068	Unicorn-63960.exe
2572	Unicorn-13368.exe
1936	Unicorn-52839.exe
2752	Unicorn-3083.exe
1784	Unicorn-57484.exe
1768	Unicorn-39010.exe
952	Unicorn-41702.exe
2548	Unicorn-8283.exe
776	Unicorn-13991.exe
2172	Unicorn-37941.exe
1544	Unicorn-30925.exe
2448	Unicorn-41785.exe
2804	Unicorn-30925.exe
1084	Unicorn-53291.exe
2140	Unicorn-28787.exe
2076	Unicorn-17089.exe
1764	Unicorn-36955.exe
2188	Unicorn-27971.exe
2056	Unicorn-21195.exe
892	Unicorn-38277.exe
3020	Unicorn-43260.exe
2644	Unicorn-27478.exe
2808	Unicorn-4941.exe
2792	Unicorn-54697.exe
2476	Unicorn-10971.exe
2528	Unicorn-49866.exe
2384	Unicorn-64811.exe
2880	Unicorn-3358.exe
1380	Unicorn-2611.exe
1928	Unicorn-6695.exe
2596	Unicorn-23778.exe
2540	Unicorn-51812.exe
2568	Unicorn-55896.exe
1968	Unicorn-1241.exe
1800	Unicorn-5325.exe
1980	Unicorn-26492.exe
2280	Unicorn-55294.exe
2156	Unicorn-18900.exe
1480	Unicorn-27583.exe
2080	Unicorn-27583.exe
2020	Unicorn-50696.exe
1624	Unicorn-26514.exe
2788	Unicorn-33997.exe
3000	Unicorn-18215.exe
2336	Unicorn-13384.exe
1648	Unicorn-56363.exe
2960	Unicorn-9300.exe
2624	Unicorn-20161.exe
2668	Unicorn-5216.exe
2716	Unicorn-57686.exe
2604	Unicorn-50909.exe
2420	Unicorn-61215.exe
2128	Unicorn-49518.exe
572	Unicorn-44687.exe
2744	Unicorn-52855.exe
1348	Unicorn-52855.exe
1072	Unicorn-6347.exe

Loads dropped DLL 64 IoCs

pid	Process
1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
2784	Unicorn-34054.exe
1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
2784	Unicorn-34054.exe
2508	Unicorn-57764.exe
2508	Unicorn-57764.exe
2784	Unicorn-34054.exe
2784	Unicorn-34054.exe
2148	Unicorn-11256.exe
2148	Unicorn-11256.exe
2884	WerFault.exe
2884	WerFault.exe
2884	WerFault.exe
2884	WerFault.exe
2884	WerFault.exe
2636	Unicorn-24983.exe
2636	Unicorn-24983.exe
2388	Unicorn-19507.exe
2388	Unicorn-19507.exe
2508	Unicorn-57764.exe
2508	Unicorn-57764.exe
2364	Unicorn-49487.exe
2148	Unicorn-11256.exe
2364	Unicorn-49487.exe
2148	Unicorn-11256.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
1384	Unicorn-25066.exe
1384	Unicorn-25066.exe
2636	Unicorn-24983.exe
2572	Unicorn-13368.exe
2572	Unicorn-13368.exe
2636	Unicorn-24983.exe
2752	Unicorn-3083.exe
2752	Unicorn-3083.exe
2364	Unicorn-49487.exe
2364	Unicorn-49487.exe
1936	Unicorn-52839.exe
1936	Unicorn-52839.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2672	1688	WerFault.exe	27
2884	2784	WerFault.exe	28
1976	2508	WerFault.exe	29
2204	2148	WerFault.exe	30
1064	2636	WerFault.exe	32
2196	2388	WerFault.exe	33
1060	2364	WerFault.exe	34
2224	1068	WerFault.exe	37
1580	1384	WerFault.exe	36
1744	2572	WerFault.exe	38
2944	2752	WerFault.exe	39
1956	1936	WerFault.exe	40
764	952	WerFault.exe	44
1452	1768	WerFault.exe	45
1116	2548	WerFault.exe	46
2908	776	WerFault.exe	47
1716	1784	WerFault.exe	43
3036	2172	WerFault.exe	48
1692	2804	WerFault.exe	54
1440	1544	WerFault.exe	55
2008	1084	WerFault.exe	57
1584	892	WerFault.exe	63
1904	2076	WerFault.exe	59
1948	2140	WerFault.exe	58
612	1764	WerFault.exe	60
1556	3020	WerFault.exe	69
1708	2448	WerFault.exe	56
1592	2056	WerFault.exe	62
548	2188	WerFault.exe	61
1944	1800	WerFault.exe	83
1128	2880	WerFault.exe	76
1888	2384	WerFault.exe	75
1608	2528	WerFault.exe	74
956	2540	WerFault.exe	80
2712	1968	WerFault.exe	82
364	2280	WerFault.exe	91
3120	2476	WerFault.exe	73
3300	3132	WerFault.exe	165
3336	1980	WerFault.exe	84
3352	2808	WerFault.exe	71
3508	2568	WerFault.exe	81
3536	1928	WerFault.exe	78
3596	2128	WerFault.exe	107
3612	2792	WerFault.exe	72
3688	2596	WerFault.exe	79
3716	1924	WerFault.exe	115
3724	2644	WerFault.exe	70
3748	2156	WerFault.exe	92
3764	2020	WerFault.exe	95
3772	1624	WerFault.exe	96
3780	1480	WerFault.exe	93
3872	2080	WerFault.exe	94
3956	2036	WerFault.exe	134
3968	2608	WerFault.exe	141
3992	2744	WerFault.exe	109
3100	1380	WerFault.exe	77
3360	572	WerFault.exe	108
3432	2168	WerFault.exe	113
3484	2668	WerFault.exe	103
3944	2604	WerFault.exe	105
4020	696	WerFault.exe	120
3204	1648	WerFault.exe	100
3480	3000	WerFault.exe	98
3428	2728	WerFault.exe	131

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
2784	Unicorn-34054.exe
2508	Unicorn-57764.exe
2148	Unicorn-11256.exe
2636	Unicorn-24983.exe
2388	Unicorn-19507.exe
2364	Unicorn-49487.exe
1384	Unicorn-25066.exe
1068	Unicorn-63960.exe
2572	Unicorn-13368.exe
2752	Unicorn-3083.exe
1936	Unicorn-52839.exe
1768	Unicorn-39010.exe
1784	Unicorn-57484.exe
952	Unicorn-41702.exe
2548	Unicorn-8283.exe
776	Unicorn-13991.exe
2172	Unicorn-37941.exe
2448	Unicorn-41785.exe
2804	Unicorn-30925.exe
1544	Unicorn-30925.exe
1084	Unicorn-53291.exe
2140	Unicorn-28787.exe
1764	Unicorn-36955.exe
2076	Unicorn-17089.exe
2188	Unicorn-27971.exe
2056	Unicorn-21195.exe
892	Unicorn-38277.exe
3020	Unicorn-43260.exe
2644	Unicorn-27478.exe
2792	Unicorn-54697.exe
2808	Unicorn-4941.exe
2476	Unicorn-10971.exe
2528	Unicorn-49866.exe
2384	Unicorn-64811.exe
2880	Unicorn-3358.exe
1380	Unicorn-2611.exe
2540	Unicorn-51812.exe
2596	Unicorn-23778.exe
1968	Unicorn-1241.exe
2568	Unicorn-55896.exe
1800	Unicorn-5325.exe
1928	Unicorn-6695.exe
1980	Unicorn-26492.exe
2280	Unicorn-55294.exe
2156	Unicorn-18900.exe
2080	Unicorn-27583.exe
1480	Unicorn-27583.exe
2020	Unicorn-50696.exe
1624	Unicorn-26514.exe
2788	Unicorn-33997.exe
3000	Unicorn-18215.exe
2336	Unicorn-13384.exe
1648	Unicorn-56363.exe
2960	Unicorn-9300.exe
2624	Unicorn-20161.exe
2716	Unicorn-57686.exe
2668	Unicorn-5216.exe
2604	Unicorn-50909.exe
2420	Unicorn-61215.exe
1072	Unicorn-6347.exe
2128	Unicorn-49518.exe
2744	Unicorn-52855.exe
1348	Unicorn-52855.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2784	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	28
PID 1688 wrote to memory of 2784	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	28
PID 1688 wrote to memory of 2784	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	28
PID 1688 wrote to memory of 2784	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	28
PID 1688 wrote to memory of 2148	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	30
PID 1688 wrote to memory of 2148	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	30
PID 1688 wrote to memory of 2148	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	30
PID 1688 wrote to memory of 2148	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	30
PID 2784 wrote to memory of 2508	2784	Unicorn-34054.exe	29
PID 2784 wrote to memory of 2508	2784	Unicorn-34054.exe	29
PID 2784 wrote to memory of 2508	2784	Unicorn-34054.exe	29
PID 2784 wrote to memory of 2508	2784	Unicorn-34054.exe	29
PID 1688 wrote to memory of 2672	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	31
PID 1688 wrote to memory of 2672	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	31
PID 1688 wrote to memory of 2672	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	31
PID 1688 wrote to memory of 2672	1688	20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe	31
PID 2508 wrote to memory of 2636	2508	Unicorn-57764.exe	32
PID 2508 wrote to memory of 2636	2508	Unicorn-57764.exe	32
PID 2508 wrote to memory of 2636	2508	Unicorn-57764.exe	32
PID 2508 wrote to memory of 2636	2508	Unicorn-57764.exe	32
PID 2784 wrote to memory of 2388	2784	Unicorn-34054.exe	33
PID 2784 wrote to memory of 2388	2784	Unicorn-34054.exe	33
PID 2784 wrote to memory of 2388	2784	Unicorn-34054.exe	33
PID 2784 wrote to memory of 2388	2784	Unicorn-34054.exe	33
PID 2148 wrote to memory of 2364	2148	Unicorn-11256.exe	34
PID 2148 wrote to memory of 2364	2148	Unicorn-11256.exe	34
PID 2148 wrote to memory of 2364	2148	Unicorn-11256.exe	34
PID 2148 wrote to memory of 2364	2148	Unicorn-11256.exe	34
PID 2784 wrote to memory of 2884	2784	Unicorn-34054.exe	35
PID 2784 wrote to memory of 2884	2784	Unicorn-34054.exe	35
PID 2784 wrote to memory of 2884	2784	Unicorn-34054.exe	35
PID 2784 wrote to memory of 2884	2784	Unicorn-34054.exe	35
PID 2636 wrote to memory of 1384	2636	Unicorn-24983.exe	36
PID 2636 wrote to memory of 1384	2636	Unicorn-24983.exe	36
PID 2636 wrote to memory of 1384	2636	Unicorn-24983.exe	36
PID 2636 wrote to memory of 1384	2636	Unicorn-24983.exe	36
PID 2388 wrote to memory of 1068	2388	Unicorn-19507.exe	37
PID 2388 wrote to memory of 1068	2388	Unicorn-19507.exe	37
PID 2388 wrote to memory of 1068	2388	Unicorn-19507.exe	37
PID 2388 wrote to memory of 1068	2388	Unicorn-19507.exe	37
PID 2508 wrote to memory of 2572	2508	Unicorn-57764.exe	38
PID 2508 wrote to memory of 2572	2508	Unicorn-57764.exe	38
PID 2508 wrote to memory of 2572	2508	Unicorn-57764.exe	38
PID 2508 wrote to memory of 2572	2508	Unicorn-57764.exe	38
PID 2148 wrote to memory of 1936	2148	Unicorn-11256.exe	40
PID 2148 wrote to memory of 1936	2148	Unicorn-11256.exe	40
PID 2148 wrote to memory of 1936	2148	Unicorn-11256.exe	40
PID 2148 wrote to memory of 1936	2148	Unicorn-11256.exe	40
PID 2364 wrote to memory of 2752	2364	Unicorn-49487.exe	39
PID 2364 wrote to memory of 2752	2364	Unicorn-49487.exe	39
PID 2364 wrote to memory of 2752	2364	Unicorn-49487.exe	39
PID 2364 wrote to memory of 2752	2364	Unicorn-49487.exe	39
PID 2508 wrote to memory of 1976	2508	Unicorn-57764.exe	41
PID 2508 wrote to memory of 1976	2508	Unicorn-57764.exe	41
PID 2508 wrote to memory of 1976	2508	Unicorn-57764.exe	41
PID 2508 wrote to memory of 1976	2508	Unicorn-57764.exe	41
PID 2148 wrote to memory of 2204	2148	Unicorn-11256.exe	42
PID 2148 wrote to memory of 2204	2148	Unicorn-11256.exe	42
PID 2148 wrote to memory of 2204	2148	Unicorn-11256.exe	42
PID 2148 wrote to memory of 2204	2148	Unicorn-11256.exe	42
PID 1384 wrote to memory of 1784	1384	Unicorn-25066.exe	43
PID 1384 wrote to memory of 1784	1384	Unicorn-25066.exe	43
PID 1384 wrote to memory of 1784	1384	Unicorn-25066.exe	43
PID 1384 wrote to memory of 1784	1384	Unicorn-25066.exe	43

C:\Users\Admin\AppData\Local\Temp\20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\20180e9e7faa5e2ede9d289391dd8f50_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5325.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        10⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
        12⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
        13⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        14⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30399.exe
        15⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        16⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        15⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        14⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
        13⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
        12⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
        11⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32626.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40523.exe
        11⤵
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
        12⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
        13⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        14⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 236
        14⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 236
        13⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 236
        12⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        11⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        10⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
        11⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65250.exe
        12⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
        13⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        14⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        15⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
        14⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        13⤵
        
        PID:7592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        12⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 216
        11⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        10⤵
        Program crash
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
        9⤵
        Program crash
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11075.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
        10⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37674.exe
        11⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
        12⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        13⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46258.exe
        14⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        14⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 236
        13⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        12⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        11⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        10⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        9⤵
        Program crash
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        8⤵
        Program crash
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38185.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
        10⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53154.exe
        11⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48053.exe
        12⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
        13⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
        13⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
        12⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        11⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
        9⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        8⤵
        Program crash
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        7⤵
        Program crash
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5216.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        10⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61685.exe
        11⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1270.exe
        12⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        13⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
        14⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
        14⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        13⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        12⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        11⤵
        
        PID:6092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        10⤵
        
        PID:4952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        9⤵
        Program crash
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        8⤵
        Program crash
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20161.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        10⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        11⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18208.exe
        12⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
        13⤵
        
        PID:6784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        12⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        11⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        10⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
        9⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        8⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        7⤵
        Program crash
        
        PID:548
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        6⤵
        Program crash
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        10⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 188
        11⤵
        Program crash
        
        PID:3300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
        10⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        9⤵
        Program crash
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        9⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24566.exe
        11⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31826.exe
        12⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25355.exe
        13⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        14⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
        13⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
        12⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        11⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
        10⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
        9⤵
        Program crash
        
        PID:4020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        8⤵
        Program crash
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        10⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19745.exe
        11⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14690.exe
        12⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        13⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        13⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 236
        12⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
        11⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
        9⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        8⤵
        Program crash
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        7⤵
        Program crash
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31257.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
        10⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        11⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        12⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        13⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
        13⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        12⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
        8⤵
        Program crash
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        10⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
        11⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
        12⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 236
        12⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
        11⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
        9⤵
        
        PID:292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        Program crash
        
        PID:3724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        6⤵
        Program crash
        
        PID:764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27583.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32627.exe
        9⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31444.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        11⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        12⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
        13⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        13⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
        12⤵
        
        PID:7840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        11⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 216
        10⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        9⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        10⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        11⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        13⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe
        14⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
        13⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        12⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
        11⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
        10⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
        8⤵
        Program crash
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16867.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17420.exe
        10⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        11⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        12⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
        13⤵
        
        PID:1004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
        11⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        10⤵
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        9⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        8⤵
        Program crash
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        7⤵
        Program crash
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54002.exe
        9⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        11⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        12⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        13⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        12⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
        10⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        9⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        8⤵
        Program crash
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
        8⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39973.exe
        10⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        11⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 236
        12⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 236
        11⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        7⤵
        Program crash
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        6⤵
        Program crash
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6607.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-525.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        10⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        11⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        12⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43321.exe
        13⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        12⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
        11⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        10⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        9⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        8⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        9⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        11⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17125.exe
        12⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 236
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        10⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        8⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
        8⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38240.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        12⤵
        
        PID:5664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
        11⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
        8⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
        7⤵
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        6⤵
        Program crash
        
        PID:1708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        5⤵
        Program crash
        
        PID:1744
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1068
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 376
        5⤵
        Program crash
        
        PID:2224
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2196
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2884
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52855.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24070.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61270.exe
        11⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        12⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        13⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        13⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
        12⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        11⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        10⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
        9⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
        8⤵
        Program crash
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27665.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        9⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
        10⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        11⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        12⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 236
        12⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
        11⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        8⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        7⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        7⤵
        Executes dropped EXE
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8361.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        10⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        12⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
        11⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
        9⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
        8⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18424.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
        10⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        11⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48588.exe
        12⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 236
        12⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        11⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:6400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        9⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
        8⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        6⤵
        Program crash
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10455.exe
        10⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63408.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        12⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        13⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
        13⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
        12⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        10⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
        8⤵
        Program crash
        
        PID:3432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
        7⤵
        Program crash
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46787.exe
        11⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23700.exe
        12⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 236
        12⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:8332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        8⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
        7⤵
        Program crash
        
        PID:3716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        6⤵
        Program crash
        
        PID:1904
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        5⤵
        Program crash
        
        PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        9⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53102.exe
        11⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        12⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
        13⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
        13⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        12⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
        11⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        10⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36097.exe
        11⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        12⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
        12⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 236
        11⤵
        
        PID:7872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
        10⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 220
        9⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        8⤵
        
        PID:3560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        7⤵
        Program crash
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        7⤵
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 224
        8⤵
        Program crash
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
        7⤵
        Program crash
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
        6⤵
        Program crash
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-914.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19628.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31444.exe
        9⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
        11⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46403.exe
        12⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
        13⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        12⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        11⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
        10⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
        8⤵
        Program crash
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
        9⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        11⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5500.exe
        12⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 236
        12⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
        10⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        8⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        7⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14598.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38276.exe
        8⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
        10⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
        11⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
        11⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        8⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        7⤵
        
        PID:4088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        6⤵
        Program crash
        
        PID:1128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        5⤵
        Program crash
        
        PID:2908
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37941.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        12⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        13⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
        13⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
        12⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        10⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39812.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
        10⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        12⤵
        
        PID:8972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
        12⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        9⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
        8⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        7⤵
        Program crash
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33826.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22812.exe
        9⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        10⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
        10⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        9⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        7⤵
        
        PID:3148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        6⤵
        Program crash
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        8⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47015.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        10⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        11⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10456.exe
        12⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
        11⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 236
        10⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        8⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
        7⤵
        Program crash
        
        PID:3944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        6⤵
        Program crash
        
        PID:1888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        5⤵
        Program crash
        
        PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36519.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        9⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        10⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        11⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        10⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
        9⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        8⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        7⤵
        
        PID:4628
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        6⤵
        Program crash
        
        PID:3508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        5⤵
        Program crash
        
        PID:1584
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
      4⤵
      Program crash
      PID:1956
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2204
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
  2⤵
  - Program crash
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe

Filesize
184KB

MD5
b7f3565e6df8253a0754364e064dcc15

SHA1
961ebef769807db9d71b1a4a86ff342498ae3d44

SHA256
d3a52dd6ddbf04b19c753216d69604b05ee38f21e4d758fadb456aa535d47a5e

SHA512
bd9fa036581eaafd197a254035a0f7e8fa63a74289c0e8453c95182ecdacd570f155b825ac5a97c5771085b7e825b09deaca995a2f3512c4ef5536eec3332b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe

Filesize
184KB

MD5
d4daeb17c88a1f7c7b99fa3f114dfcdf

SHA1
280def50631108506e0cdebcf63f04282e31abe9

SHA256
6c74db9b5a0b2d310d144ac9e3dff5c28b61b99e2e5e805598b6764965d62c58

SHA512
b6c917e92d3a47809a686208982ceb037601acb5db419e3d3240a556e0fd774ccdae78c43dc8e4605c07f43f00aaec674db9bbc0283c67295fc7187c00a6d3ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe

Filesize
184KB

MD5
ee157c178d5ba38a94d0ffa22e60d6b2

SHA1
eacb936ac414345163198826a081deec5c277959

SHA256
1f3728bae9371a06f192ac696647dc53a585bb5673f3d2ebe0fad3aa46fe3863

SHA512
d9eac84469740109a9c8a2a6b95ab4ad0e89aafb62f58914a0d084552790fcb49daebf8d4db842d0cda9bbf39e4c25c8d397463f2f664b1a9d48d747226b90c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe

Filesize
184KB

MD5
1e48edc259fa19af09e9d059e76db07f

SHA1
bb77f81203b1fff9d80c9f7be1506978651ca4d8

SHA256
c49f0ecae6506ba079e196e71b073a208e21337c842d9629b079a237dd12eec3

SHA512
1937b2bb4d455543faead56879699df7c1fd3ce1b584fc81e7621440990a0fb0ad0f6d75ca5c6af84b9440088003a006591fda5af1c374a7db23bcf7df3fa351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe

Filesize
184KB

MD5
74f9efe0f7ce853889bcc214b59136e7

SHA1
588d8b999238941ee314e26dc91ae4b69d0eb953

SHA256
f6a82d50e2978194580891e3e089b5d412c6dfbd5a24b5420634df4f5117e029

SHA512
76e90602e5da760e31b29ed4137db0cdd8f134282e2db0a40951862cb0600a2feab3f253820efad62cd4f93319f8a611d515dccad19f4600cf3984b6d2dedcc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe

Filesize
184KB

MD5
49b8f5bbcccdf7521736d9ea4718c96d

SHA1
b8c8f0457c029f02c593927aadf7c67bfc0890e9

SHA256
1ce13daf78b527e7486f4d4ab492c211db9e5b9e79cd61a910b053377ce30d7e

SHA512
48d3b8bb98e78ff5bebb8c8610cbaac8fc992fc4292ed56ada67d084da12c83956943396a877db1b0f223e4e737332233864d98f576822a1ecf19cf08fafec49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe

Filesize
184KB

MD5
cb19f608ab9b3c7ccb0d6cc44a2e53f0

SHA1
5bb125a2d3303b100bbcf0987860a640cacdac50

SHA256
f934d0dd90ffa471c427c0af73954b6bf7cc10ac9205f51b6b2b01ae26cbbf6b

SHA512
955e0ef432d0c39090ae0ebb89dde49b797c08a622bb4873d981bfce98716cb055862c031141295d759606e250dbaad5727fc75d01843c353d612534b7aea12b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe

Filesize
184KB

MD5
f35f70f256475915bb62cb40ad515aaa

SHA1
1d32ce0305491ddc7e1977a6f768340d7a679c38

SHA256
0025b7cdbde1b889dc3cb5b0ae470337930a8215f36c5775316ab5da09ab9ea2

SHA512
13f7c8b11ae4b5eecb5d016b46cc37371d31f5a8fb429d318df91572c54239227854b2661176e1e4e083ee2fcb887b5f23d3f4dfbabad175a3a71401522b5c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe

Filesize
184KB

MD5
4540ebb6f86a399dd68e59611a50b0a8

SHA1
c916f469ffa55fba005abee41d28d5be1e891c25

SHA256
f0c4f59439e1047fd881745e27e363b2542feb6811c8ac925d4ca24c2e92955c

SHA512
4eab24ce293c7bac1a132680f921218dcf5bccc3b0175febe535b211736e4f1154d327241e9edcef271e57d5c16dbb8fad68e0b0dcaf14020fc8d0d731ff5a14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6543.exe

Filesize
184KB

MD5
a6cee357028b727d2bb0a25664a154f3

SHA1
9de3064c82c57871686f8fd185305b0d61cd10b4

SHA256
fd5bdd1adf270ae341c9cdd1694ba1e85108973df1a0b7b60b94f491ea16db41

SHA512
449245b1a30377c7ed49f7918fb9fc525e1047311aee77330a92bbae679485ba2c92ac51b1914b47020f8c34bfdc14ad674fcfc6adf21acbacf08fbefedb74a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe

Filesize
184KB

MD5
0b58a7e1f3acc9717cb6aae9594acf80

SHA1
e568ba7171eb26624d1947ba8d4a2542fce39eba

SHA256
c6d92551ea25edfe8bb3ffbdb4bcabcb43a774cb753474879da7151a7e871410

SHA512
751182d7cbae13743e1f30d77366677ff9bdc337b60df7f5cddc83f2fca5e507ef805221b339db4879899f0fdc4f1c4aeba09c7be5eba8901175829225ac0d9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe

Filesize
184KB

MD5
16501b4fd1c5d525289d56d384d53a8d

SHA1
143a050160d8555b449e8c6952994fc8dff3cce1

SHA256
54e4c2e5f7b9229eb9f4605c0fc29e17f8262331cefbe583db8cb10e8e38df7e

SHA512
ab53d1eaa2f02f511c811c6bcddcd2e98ac6b0fe323b0b83a47be99abd782bddd58989bfbc5f0fbdff8d3a2c865b34125bc59070e7ccb936d4786f21c90b1307

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe

Filesize
184KB

MD5
5b1569833ff836fd7a99f94bf8a78dbe

SHA1
bb11caf1b0b5634861dfa14aa6e27b5e82d1be21

SHA256
310a275acc14890c4f4a46c44e9881772cb9fd8d352c7b64081e0d1db9ad18f8

SHA512
bcddda4d4129964796e5ae44103d6f48976e1551778395c17d3aa06f8610b29c2ad84b81d9f1aa377caf619c5780cf8fa8f13f39b54edb53c7c7e27bd4d397bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe

Filesize
184KB

MD5
102ef4c4624826dbe747e359a15b6b9f

SHA1
d2b5016316f0d1a595b9affebcb38d1b23e5bd6d

SHA256
fc428a108527fbd68f257e5923c0d9ea1df4b2174426a6b08afe0be2a03b6d4f

SHA512
d4d232a4080cb1a4abc206b0891b4a37ca4065093462a9f78d38c50a327f3500cf83f77adcb83f892e69acfc77b41962e1a6daa543791ce3093687985675b1f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe

Filesize
184KB

MD5
a9e496b759b584e52929144cec8a97ad

SHA1
fb1b281a6f99d6166c64b13fed301120217d363e

SHA256
2dee25f97a31641a021fc01435a748e2e070a8075cf123b389b094de0089b9f6

SHA512
bd487a7f540aac48e87c6f1bf00817f05519250c9c0ec91f9ae9f2a3f29db571da6923f3960583d7db7ac5e873bfdabfdeebc6e5959ec109c4ec1e7f84364c03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34054.exe

Filesize
184KB

MD5
e1dac4bcbff68ffd199976721d269f1e

SHA1
6503e0ece67ca66b3639f987de139a6f44fcebec

SHA256
0fd41ca3f34606bfcb3f8ac307a182cd70ccac85a363f89910d44d09aaf0305d

SHA512
9feb9a8d6af84ca18dd9523b25018e158c0469d3c5087cbfd7e645731bbb8b308c64b7871f6e9ae3a16659d9c28a4f617e3e018dc6a08ceb3ad8a753bdf38d86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49487.exe

Filesize
184KB

MD5
41720aea42e56c83ca82db78b6de27e4

SHA1
1fbd1acd1d2bfb3a58d079f7711172f91ea84515

SHA256
9511b1ca5b7485dd721336d0cb7de09c94a55ca58f97c7f33e41f5b306a0d9d0

SHA512
1aeac0a1379790415ef537433805d2d5d49352cb0222b3d6fd1a7551c0eb6a09a35151d1b981654cfc43cbf9e30b964604e2b56fde363952c073da173e86f0be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe

Filesize
184KB

MD5
d3f30e54400bbee1161fc855b0718a6f

SHA1
2fccc73ae45f5b2bf695bba312a7e5307a58051a

SHA256
3d7801d5e54e5dffe80b725955f92f7367603e0f76ffcfc96f334f9e929cd564

SHA512
1dfae166d84e52ad1e3bbfcd6dbaeec392297c769113434d26a93d26e2631219948929c9bf314ee64f765d9c8596f7e3d87bc98d903930aebbc93e4d86362a7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe

Filesize
184KB

MD5
a296b11aa1a954032d3c26b354779456

SHA1
76403726e09b2fc8b0f78e7cc64e4f1abddbbbd1

SHA256
c7ab3a8b0ee8c48971aa4354f599fa1cc071cda5550a9c824e5eb56468bdc1ff

SHA512
7b3639be6c8e20f2932e185598de3f7bc3a1ff5bf4aeca44f5d366ba070b81e9459ef1dd6291cb476b89d6baa04e8e565886eee631cdb8ab1595fe8a92098d89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe

Filesize
184KB

MD5
9e1238cb09b43c9b265d45ee0aed747b

SHA1
094900e44b29151350ff13e0030da2170c0af74d

SHA256
8b4c8e2e4b08cc539869b25d302aa87a499819a51c6452ae275a3af5a2fac1c1

SHA512
8f123bb95c5c2fa78233bf7f0741fe628cb9792fce064752d24972ad0cf24d4ce17909e17afb15e5a0fab14b8b5bb946d82d31209f07fcec3aff4146d5d3c6d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe

Filesize
184KB

MD5
593f8e076d3cb35408bb93955a3e1aad

SHA1
72b39ca70f5b8dc24cf3aab3e46ccd96da9a6da9

SHA256
d587947587ff9c793c2a9cdb199aa71696b93d6a087408a4ca535c0d02b723b3

SHA512
94fd554ce20c157095d3e937bf259844598353d18815277e65629397349d28b1451789abdd9895a979957490b7368baadd7050fccc5708470d006c097f916e9e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads