e39914052f4e98ec55870c2ce7558d60826b5641f6cd2017c12cd564800ec0af

Analysis

max time kernel
151s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 22:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
Size

184KB
MD5

207f8c5a451393dc4ab784c60b470740
SHA1

b32a4501a9d0d0c365d6267f3389b6273a14415a
SHA256

e39914052f4e98ec55870c2ce7558d60826b5641f6cd2017c12cd564800ec0af
SHA512

c9105de204f7d0708117c8fcd8390627221e241e3173d425ea5a680c4f9b515df68a27b08d21f0d9ef664c2d3c2a318c539d60e2dbab0afc7f77df73c1f4d81b
SSDEEP

3072:BsiyI8of8RTKJqtnt2LR7suhlnViFRn4:Bs3oWqqGLJsuhlnViFR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2984	Unicorn-64133.exe
2548	Unicorn-59281.exe
3020	Unicorn-52504.exe
2900	Unicorn-32529.exe
2684	Unicorn-52395.exe
3028	Unicorn-64408.exe
2392	Unicorn-5114.exe
1788	Unicorn-11891.exe
1980	Unicorn-12789.exe
1040	Unicorn-30448.exe
1032	Unicorn-31648.exe
1272	Unicorn-921.exe
2760	Unicorn-60983.exe
3032	Unicorn-13412.exe
2256	Unicorn-55000.exe
944	Unicorn-58529.exe
2020	Unicorn-19997.exe
1544	Unicorn-9136.exe
2128	Unicorn-19443.exe
1856	Unicorn-30303.exe
2024	Unicorn-15358.exe
1816	Unicorn-16703.exe
1476	Unicorn-23287.exe
2196	Unicorn-26817.exe
2092	Unicorn-18649.exe
1568	Unicorn-55960.exe
1612	Unicorn-5903.exe
1860	Unicorn-25809.exe
3016	Unicorn-54912.exe
2680	Unicorn-11933.exe
2560	Unicorn-53521.exe
2748	Unicorn-47621.exe
2552	Unicorn-51897.exe
2600	Unicorn-27755.exe
1104	Unicorn-50034.exe
580	Unicorn-22000.exe
840	Unicorn-2971.exe
1396	Unicorn-27284.exe
1768	Unicorn-46889.exe
1116	Unicorn-58010.exe
752	Unicorn-31944.exe
2496	Unicorn-38720.exe
532	Unicorn-61279.exe
2076	Unicorn-54502.exe
2064	Unicorn-7439.exe
744	Unicorn-59141.exe
2292	Unicorn-13469.exe
372	Unicorn-44751.exe
2188	Unicorn-52364.exe
1704	Unicorn-56448.exe
948	Unicorn-3718.exe
1128	Unicorn-31752.exe
2236	Unicorn-15415.exe
2544	Unicorn-50501.exe
2464	Unicorn-50501.exe
2424	Unicorn-22467.exe
2304	Unicorn-20329.exe
2732	Unicorn-54585.exe
2636	Unicorn-11798.exe
488	Unicorn-3630.exe
2844	Unicorn-59416.exe
1564	Unicorn-36303.exe
2152	Unicorn-54777.exe
1352	Unicorn-10983.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
2984	Unicorn-64133.exe
2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
2984	Unicorn-64133.exe
2548	Unicorn-59281.exe
2984	Unicorn-64133.exe
2984	Unicorn-64133.exe
2548	Unicorn-59281.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
3020	Unicorn-52504.exe
3020	Unicorn-52504.exe
2900	Unicorn-32529.exe
2548	Unicorn-59281.exe
2900	Unicorn-32529.exe
2548	Unicorn-59281.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
2648	WerFault.exe
3028	Unicorn-64408.exe
3028	Unicorn-64408.exe
2508	WerFault.exe
2684	Unicorn-52395.exe
2684	Unicorn-52395.exe
2392	Unicorn-5114.exe
1788	Unicorn-11891.exe
1788	Unicorn-11891.exe
2392	Unicorn-5114.exe
2900	Unicorn-32529.exe
2900	Unicorn-32529.exe
1512	WerFault.exe
1512	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
1512	WerFault.exe
2988	WerFault.exe
1512	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
1512	WerFault.exe
1980	Unicorn-12789.exe
1980	Unicorn-12789.exe
3028	Unicorn-64408.exe
3028	Unicorn-64408.exe
1040	Unicorn-30448.exe
1040	Unicorn-30448.exe
1788	Unicorn-11891.exe
1032	Unicorn-31648.exe
1788	Unicorn-11891.exe
1032	Unicorn-31648.exe
2392	Unicorn-5114.exe
2392	Unicorn-5114.exe
1272	Unicorn-921.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2512	2344	WerFault.exe	27
2484	2984	WerFault.exe	28
2508	3020	WerFault.exe	29
2648	2548	WerFault.exe	30
2988	2900	WerFault.exe	33
1512	2684	WerFault.exe	32
1524	3028	WerFault.exe	35
2880	2392	WerFault.exe	36
692	1788	WerFault.exe	37
2460	1980	WerFault.exe	40
2700	1040	WerFault.exe	42
2356	1032	WerFault.exe	45
864	1272	WerFault.exe	44
1800	2760	WerFault.exe	46
940	3032	WerFault.exe	49
1248	2256	WerFault.exe	50
1532	1544	WerFault.exe	53
2556	2128	WerFault.exe	55
1152	2024	WerFault.exe	56
2676	944	WerFault.exe	51
2788	1856	WerFault.exe	54
1620	2020	WerFault.exe	52
1196	1816	WerFault.exe	58
2584	1476	WerFault.exe	60
2960	1860	WerFault.exe	66
2000	1612	WerFault.exe	65
2668	2092	WerFault.exe	63
1948	2552	WerFault.exe	70
1500	2748	WerFault.exe	71
1736	2560	WerFault.exe	69
2768	2600	WerFault.exe	72
108	1704	WerFault.exe	90
1936	580	WerFault.exe	79
3036	372	WerFault.exe	89
1160	948	WerFault.exe	95
2156	2196	WerFault.exe	62
2952	2076	WerFault.exe	86
3080	2292	WerFault.exe	92
3104	744	WerFault.exe	91
3188	2496	WerFault.exe	85
3240	2464	WerFault.exe	105
3296	2188	WerFault.exe	93
3304	752	WerFault.exe	84
3340	1396	WerFault.exe	82
3556	2064	WerFault.exe	88
3840	1568	WerFault.exe	64
3920	2236	WerFault.exe	96
4008	532	WerFault.exe	87
4052	1116	WerFault.exe	81
4076	3016	WerFault.exe	67
3224	2424	WerFault.exe	106
3236	1128	WerFault.exe	94
3336	2544	WerFault.exe	104
3440	1768	WerFault.exe	83
3448	2304	WerFault.exe	108
3480	2680	WerFault.exe	68
3492	1104	WerFault.exe	78
3516	840	WerFault.exe	80
3508	2732	WerFault.exe	109
3596	2636	WerFault.exe	110
3776	488	WerFault.exe	111
3284	1352	WerFault.exe	116
3964	2032	WerFault.exe	118
3996	1028	WerFault.exe	144

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
2984	Unicorn-64133.exe
2548	Unicorn-59281.exe
3020	Unicorn-52504.exe
2684	Unicorn-52395.exe
2900	Unicorn-32529.exe
3028	Unicorn-64408.exe
2392	Unicorn-5114.exe
1788	Unicorn-11891.exe
1980	Unicorn-12789.exe
1040	Unicorn-30448.exe
1032	Unicorn-31648.exe
1272	Unicorn-921.exe
2760	Unicorn-60983.exe
3032	Unicorn-13412.exe
2256	Unicorn-55000.exe
944	Unicorn-58529.exe
2020	Unicorn-19997.exe
1544	Unicorn-9136.exe
2128	Unicorn-19443.exe
2024	Unicorn-15358.exe
1856	Unicorn-30303.exe
1816	Unicorn-16703.exe
1476	Unicorn-23287.exe
2196	Unicorn-26817.exe
2092	Unicorn-18649.exe
1568	Unicorn-55960.exe
1612	Unicorn-5903.exe
1860	Unicorn-25809.exe
3016	Unicorn-54912.exe
2748	Unicorn-47621.exe
2560	Unicorn-53521.exe
2680	Unicorn-11933.exe
2552	Unicorn-51897.exe
2600	Unicorn-27755.exe
1104	Unicorn-50034.exe
840	Unicorn-2971.exe
580	Unicorn-22000.exe
1768	Unicorn-46889.exe
1116	Unicorn-58010.exe
1396	Unicorn-27284.exe
752	Unicorn-31944.exe
2496	Unicorn-38720.exe
532	Unicorn-61279.exe
2076	Unicorn-54502.exe
744	Unicorn-59141.exe
2292	Unicorn-13469.exe
1704	Unicorn-56448.exe
372	Unicorn-44751.exe
2188	Unicorn-52364.exe
2064	Unicorn-7439.exe
948	Unicorn-3718.exe
1128	Unicorn-31752.exe
2236	Unicorn-15415.exe
2464	Unicorn-50501.exe
2544	Unicorn-50501.exe
2424	Unicorn-22467.exe
2304	Unicorn-20329.exe
2732	Unicorn-54585.exe
2636	Unicorn-11798.exe
488	Unicorn-3630.exe
2844	Unicorn-59416.exe
1564	Unicorn-36303.exe
2152	Unicorn-54777.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2984	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	28
PID 2344 wrote to memory of 2984	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	28
PID 2344 wrote to memory of 2984	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	28
PID 2344 wrote to memory of 2984	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	28
PID 2344 wrote to memory of 2548	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	30
PID 2344 wrote to memory of 2548	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	30
PID 2344 wrote to memory of 2548	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	30
PID 2344 wrote to memory of 2548	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	30
PID 2984 wrote to memory of 3020	2984	Unicorn-64133.exe	29
PID 2984 wrote to memory of 3020	2984	Unicorn-64133.exe	29
PID 2984 wrote to memory of 3020	2984	Unicorn-64133.exe	29
PID 2984 wrote to memory of 3020	2984	Unicorn-64133.exe	29
PID 2344 wrote to memory of 2512	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	31
PID 2344 wrote to memory of 2512	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	31
PID 2344 wrote to memory of 2512	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	31
PID 2344 wrote to memory of 2512	2344	207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe	31
PID 2984 wrote to memory of 2900	2984	Unicorn-64133.exe	33
PID 2984 wrote to memory of 2900	2984	Unicorn-64133.exe	33
PID 2984 wrote to memory of 2900	2984	Unicorn-64133.exe	33
PID 2984 wrote to memory of 2900	2984	Unicorn-64133.exe	33
PID 2548 wrote to memory of 2684	2548	Unicorn-59281.exe	32
PID 2548 wrote to memory of 2684	2548	Unicorn-59281.exe	32
PID 2548 wrote to memory of 2684	2548	Unicorn-59281.exe	32
PID 2548 wrote to memory of 2684	2548	Unicorn-59281.exe	32
PID 2984 wrote to memory of 2484	2984	Unicorn-64133.exe	34
PID 2984 wrote to memory of 2484	2984	Unicorn-64133.exe	34
PID 2984 wrote to memory of 2484	2984	Unicorn-64133.exe	34
PID 2984 wrote to memory of 2484	2984	Unicorn-64133.exe	34
PID 3020 wrote to memory of 3028	3020	Unicorn-52504.exe	35
PID 3020 wrote to memory of 3028	3020	Unicorn-52504.exe	35
PID 3020 wrote to memory of 3028	3020	Unicorn-52504.exe	35
PID 3020 wrote to memory of 3028	3020	Unicorn-52504.exe	35
PID 2900 wrote to memory of 2392	2900	Unicorn-32529.exe	36
PID 2900 wrote to memory of 2392	2900	Unicorn-32529.exe	36
PID 2900 wrote to memory of 2392	2900	Unicorn-32529.exe	36
PID 2900 wrote to memory of 2392	2900	Unicorn-32529.exe	36
PID 2548 wrote to memory of 1788	2548	Unicorn-59281.exe	37
PID 2548 wrote to memory of 1788	2548	Unicorn-59281.exe	37
PID 2548 wrote to memory of 1788	2548	Unicorn-59281.exe	37
PID 2548 wrote to memory of 1788	2548	Unicorn-59281.exe	37
PID 2548 wrote to memory of 2648	2548	Unicorn-59281.exe	38
PID 2548 wrote to memory of 2648	2548	Unicorn-59281.exe	38
PID 2548 wrote to memory of 2648	2548	Unicorn-59281.exe	38
PID 3020 wrote to memory of 2508	3020	Unicorn-52504.exe	39
PID 2548 wrote to memory of 2648	2548	Unicorn-59281.exe	38
PID 3020 wrote to memory of 2508	3020	Unicorn-52504.exe	39
PID 3020 wrote to memory of 2508	3020	Unicorn-52504.exe	39
PID 3020 wrote to memory of 2508	3020	Unicorn-52504.exe	39
PID 3028 wrote to memory of 1980	3028	Unicorn-64408.exe	40
PID 3028 wrote to memory of 1980	3028	Unicorn-64408.exe	40
PID 3028 wrote to memory of 1980	3028	Unicorn-64408.exe	40
PID 3028 wrote to memory of 1980	3028	Unicorn-64408.exe	40
PID 2684 wrote to memory of 1040	2684	Unicorn-52395.exe	42
PID 2684 wrote to memory of 1040	2684	Unicorn-52395.exe	42
PID 2684 wrote to memory of 1040	2684	Unicorn-52395.exe	42
PID 2684 wrote to memory of 1040	2684	Unicorn-52395.exe	42
PID 1788 wrote to memory of 1032	1788	Unicorn-11891.exe	45
PID 1788 wrote to memory of 1032	1788	Unicorn-11891.exe	45
PID 1788 wrote to memory of 1032	1788	Unicorn-11891.exe	45
PID 1788 wrote to memory of 1032	1788	Unicorn-11891.exe	45
PID 2392 wrote to memory of 1272	2392	Unicorn-5114.exe	44
PID 2392 wrote to memory of 1272	2392	Unicorn-5114.exe	44
PID 2392 wrote to memory of 1272	2392	Unicorn-5114.exe	44
PID 2392 wrote to memory of 1272	2392	Unicorn-5114.exe	44

C:\Users\Admin\AppData\Local\Temp\207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\207f8c5a451393dc4ab784c60b470740_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
        11⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        12⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        13⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        14⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62549.exe
        15⤵
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        15⤵
        
        PID:9276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        14⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
        13⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
        12⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        11⤵
        
        PID:4284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        10⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28580.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
        11⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        12⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17176.exe
        13⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        14⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
        13⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        12⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        11⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        10⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 220
        9⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        10⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        11⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
        12⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
        13⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        14⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 236
        14⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        13⤵
        
        PID:8012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        12⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        11⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
        10⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
        9⤵
        Program crash
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        8⤵
        Program crash
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        10⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        11⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        12⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        13⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 220
        13⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        11⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
        10⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
        9⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        8⤵
        Program crash
        
        PID:1936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
        7⤵
        Program crash
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        10⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        11⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        12⤵
        
        PID:6804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        13⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
        13⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 236
        12⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        11⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        10⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        9⤵
        Program crash
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38694.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        10⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59583.exe
        11⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        12⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 236
        12⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
        11⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        10⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
        9⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 220
        8⤵
        Program crash
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
        7⤵
        Program crash
        
        PID:2584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
        6⤵
        Program crash
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26817.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61575.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27767.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        12⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        13⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
        13⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
        12⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
        10⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        9⤵
        Program crash
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        8⤵
        Program crash
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        8⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31794.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        11⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        11⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        8⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        10⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        11⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
        12⤵
        
        PID:7748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        13⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
        13⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        12⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        11⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        10⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52826.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        10⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
        11⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36208.exe
        12⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
        12⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        10⤵
        
        PID:7036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 220
        9⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        8⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30910.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        8⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe
        9⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
        10⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21286.exe
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3701.exe
        12⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 236
        12⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        11⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        8⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
        7⤵
        Program crash
        
        PID:3104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        6⤵
        Program crash
        
        PID:1248
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        5⤵
        Program crash
        
        PID:1524
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
      4⤵
      Loads dropped DLL
      Program crash
      PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11689.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
        10⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27414.exe
        11⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
        12⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        13⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 236
        13⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 236
        12⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
        11⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        10⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        9⤵
        Program crash
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44917.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26075.exe
        9⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        10⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        11⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
        12⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        13⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
        13⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
        12⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        11⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
        10⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
        9⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54777.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        10⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
        11⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
        12⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        13⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        13⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        12⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
        11⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
        9⤵
        
        PID:3828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        8⤵
        Program crash
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        7⤵
        Program crash
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50776.exe
        9⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        11⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        12⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        13⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        14⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
        14⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
        13⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        12⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        11⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17124.exe
        12⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        13⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
        13⤵
        
        PID:8900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
        12⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
        11⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        10⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 236
        9⤵
        Program crash
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33588.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23958.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29656.exe
        11⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44145.exe
        12⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        13⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
        13⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
        12⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
        11⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        9⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
        8⤵
        Program crash
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3013.exe
        11⤵
        
        PID:6284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14549.exe
        12⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
        13⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
        13⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
        12⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:5528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        10⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
        11⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19872.exe
        12⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
        12⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
        10⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
        9⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        8⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        7⤵
        Program crash
        
        PID:1736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
        6⤵
        Program crash
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7439.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4388.exe
        10⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3719.exe
        12⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        12⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
        11⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
        10⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
        9⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        8⤵
        Program crash
        
        PID:3556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
        7⤵
        Program crash
        
        PID:1500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
        6⤵
        Program crash
        
        PID:2788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 220
        5⤵
        Program crash
        
        PID:2880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38296.exe
        10⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        12⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
        12⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
        11⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        8⤵
        Program crash
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
        7⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63760.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
        10⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8003.exe
        13⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
        13⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
        11⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        10⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6905.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        12⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
        11⤵
        
        PID:8100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        7⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60387.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1918.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35354.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        12⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        12⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
        10⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
        9⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 220
        7⤵
        Program crash
        
        PID:3036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61378.exe
        8⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        9⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
        10⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59669.exe
        11⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 236
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 236
        10⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
        8⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
        7⤵
        Program crash
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        6⤵
        Executes dropped EXE
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        8⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43335.exe
        10⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        11⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
        11⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
        9⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        8⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        7⤵
        Program crash
        
        PID:3284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        6⤵
        Program crash
        
        PID:2768
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        5⤵
        Program crash
        
        PID:1800
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2988
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58529.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23750.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21441.exe
        9⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        10⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
        11⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        12⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        13⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
        13⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
        11⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        10⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
        9⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        8⤵
        Program crash
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        7⤵
        Program crash
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        10⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        11⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
        12⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
        11⤵
        
        PID:8236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        9⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
        8⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        7⤵
        Program crash
        
        PID:3188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        6⤵
        Program crash
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55960.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        7⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62089.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9868.exe
        9⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43278.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46921.exe
        11⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        12⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
        12⤵
        
        PID:9332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
        11⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        10⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        8⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
        7⤵
        Program crash
        
        PID:3080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50688.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
        8⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6049.exe
        9⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        10⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        10⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        9⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
        7⤵
        
        PID:4464
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        6⤵
        Program crash
        
        PID:3840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
        5⤵
        Program crash
        
        PID:2700
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
      4⤵
      Loads dropped DLL
      Program crash
      PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        10⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        11⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        12⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
        12⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 236
        11⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        10⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 216
        8⤵
        Program crash
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        7⤵
        Program crash
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        8⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 220
        9⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        8⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6598.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33558.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        9⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
        10⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
        12⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 236
        12⤵
        
        PID:3388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        11⤵
        
        PID:8180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        10⤵
        
        PID:6692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        9⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
        9⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        10⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        11⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
        11⤵
        
        PID:9228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 220
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        8⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        Program crash
        
        PID:3440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        6⤵
        Program crash
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16179.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48260.exe
        11⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 236
        11⤵
        
        PID:7956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
        10⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
        7⤵
        Program crash
        
        PID:3340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        6⤵
        Program crash
        
        PID:2960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
        5⤵
        Program crash
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45047.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31088.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58197.exe
        9⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
        10⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        12⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7702.exe
        13⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 220
        13⤵
        
        PID:9308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 220
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        11⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        10⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
        8⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20860.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37160.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        12⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
        12⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 236
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
        9⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        8⤵
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        7⤵
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51824.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49318.exe
        7⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27658.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52406.exe
        9⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        10⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
        11⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
        10⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
        8⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        7⤵
        
        PID:4524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
        6⤵
        Program crash
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        6⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38974.exe
        10⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        10⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 236
        9⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        8⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
        7⤵
        
        PID:4680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
        6⤵
        Program crash
        
        PID:4008
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        5⤵
        Program crash
        
        PID:1620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
      4⤵
      Program crash
      PID:692
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2648
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
  2⤵
  - Program crash
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe

Filesize
184KB

MD5
30d4a7de27d27141f2554c10807b8862

SHA1
079ed258be67fc1bdadbc52be1e42f0da491c577

SHA256
4cfca341b2493b97ed9a01ff80ed47987f43f58bd094731592ba50431ff788a3

SHA512
3f6ac0091ecf830d85825c1e6143ec9682d9ce2a4aad818fdf818e8620feb216a7d76000114850c96720d88c3961b9c1af611f54cd8a2c7bf871602211b6c423

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe

Filesize
184KB

MD5
cdb7c5acd23c98a2c8fe9a000ac94ae1

SHA1
96f8ca3310017b2f59330e47fbcd7d4e05a2fadc

SHA256
6a1dd59c3da83532e58c0e3378e286b6caaec1547c0e60d29e1c42ed65c697cf

SHA512
ee1821ce4b5a494ef83a2b7ca2f26168065fbbf1e377e6eb0a81b6e6e5cec4d74ae2fe40d318501e34f18abe8abaf4efbe63406658818e3f042552fcee779ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe

Filesize
184KB

MD5
5b50123d5526806cfc55c0245b901c39

SHA1
7ebd6fd79368759b0627b0ed375ed7cd15b0f892

SHA256
54d2029bfc9608defd1119d362c0c730e9ccc0a9852c48d0ac8b1c82364426a0

SHA512
8201cbf2e388f4468ad2f453b4e7c87f9ec42b98c2e8c0e2382b5e0073495b43ddc7e1038ce86530fc6ab80cd1b4b713c388446c885c9db36a72a448b5316a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe

Filesize
184KB

MD5
336e41cd01c13160ead2874127c05420

SHA1
ca87429d7781929366078ffa9d99e6f3836ae241

SHA256
57a1d8174b52e63e390a95e3451592e9a38b07b1807519aa0ab1011508321177

SHA512
73bfe36cd5f6d54c272bc9563980e934470b6039e73113d7bf7e77f3841e151d7524d698fa8ca08e2bee159cf442a008bb09238ed2daaf56354b48ac0ae4c4e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5675.exe

Filesize
184KB

MD5
d00a61a9517c92cf562be0ed9f934cda

SHA1
1dc30d5434b32376989b88e88c4fa6a4a47c1894

SHA256
3782a8e91fb32de8b24f3456f95b8bc53ff01dc002b7a444d354396b51178bf9

SHA512
453bf76e89083bba07a58e1f1828978bcea48a917acd6bd17938d8a422a3e80865942df7a635dbf1ced3cc303d95dd0d7bcccd0f509f50f29df3ac77bfb157ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe

Filesize
184KB

MD5
775f1c0a20f5b95c07af7fb073a4b739

SHA1
fa2dfc0ba012d849a61d0839d15a340cc1c8a3e0

SHA256
ee1875763fc88b608a5b7f2a574af35f5e5f2445dd74602447aea09e4d6063a1

SHA512
59441acc70b57da7ea7b4461c7df7ffbd7b5783ebd09a9844c7aaa14821ee2609f6ce2d1dab4726bef8784b58dce5874b4ad3c433e13ccbcd2f8e34168aa6685

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe

Filesize
184KB

MD5
2d9ef1965799cd130c3e998d2dd876cd

SHA1
aedb7b7f6893f64baa259587a9523bcb074cc586

SHA256
a4b15d72dbe7d5f67f65c60c3de887f445c108ec6879450038d55a644f925b18

SHA512
9327ca349c8ef1cca2e612961f6632a7791c1be83de0cd0bfa60e53b900fdf344605804da49daca9b4b96b0d35c2a786d23f024c6c78ce4920fdd7558184a664

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe

Filesize
184KB

MD5
df6d68484c6a2cdcddf5ae7f9db7c2bc

SHA1
d0be3d14128ccacd0d6f26e2bef9060c089b17cf

SHA256
3244f26f7ce841ce66f7c004cc4b21358fe07e4da60fc0a55c0a408b545cd1d8

SHA512
2012db9713d537a01cf9bd9e1d7c7c50a4a8e9e8e4abb0cfb22295533240e8660177555e28479cc99e6bb9fe334fe32359e5a3c8558624c18fa58ee05caf78d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe

Filesize
184KB

MD5
7fb899e6a842ca90c5fd4aea6939c209

SHA1
8eec395daed1876d4694e45797c0e535cd8fb07b

SHA256
edde2a2e3351367ba356b47de36348c252019b9517293e63a7338ee95505844d

SHA512
b7ad0bb13e774d7fd8e8c79be02840fc9a6b4f03fb028a0e923160a555bc116936fd04b742399e13f004ae9b27add3b214406e642c8e9c1ab9d3c408df79a3bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe

Filesize
184KB

MD5
e79be66c9cca9638fe9b6f7d5fbf2fd4

SHA1
7b219a1653dd775eeb464427adcf5cd57ad3130f

SHA256
a2a35f463058687f414ebf32e262f3176499dc04c077c18f34df0c8370f5d89c

SHA512
e6e4d7cbd5c29586a8555a0e2fec483eb746c8a4656d0559213f0a02b503f576b15d1d0676ec42d73a4529a461c30b9534edf249ed40619e5f522aee8b6eceb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe

Filesize
184KB

MD5
c60f10ab4bd8ac2f74c2aa982b5f750e

SHA1
452b34944d9ec234a4c5578dc9bb69b16763fcc1

SHA256
08f671d11cd0859289cd4b1061e67cd6c7525ae11dd439f4de5016a5a9c47f08

SHA512
8e03958a7346bfafad6627898cd6e17fb161b84d816911d6777074eaf04702b0efc838ce9a61605761aeafe07b02fc5f840ef93c360e82bd42c818e31d22bb66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe

Filesize
184KB

MD5
878bbb8e4a3a1875340c09815af79e75

SHA1
1ae96a28cc46f16b6cd38ac0b5e581433394b755

SHA256
a876f18bca785028d80cf4db5fdc7300ff614e92f8b7ed164288855005645adc

SHA512
4324732722d167d054d678c7824bdb10a29d38df3be69bfe4114b082ecca4d212543c2da388af26ef1da7de8916b74713f9dc1ebc2098fa4021a2df2c0a774c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe

Filesize
184KB

MD5
a9b6b61601508259ef3b30ef79a1a0aa

SHA1
c0fdce796c5f0dad6c8b06947182ea30763dbaf8

SHA256
e8235c6768fc45584396b98b03fb2b0586095f997e5f9a7488c42bc8269c3d27

SHA512
bde2613cf63c215ce18e4552331b04624e10d4f8491e3bbdcd206fa02ef990f170417da44446655db9020ebbd9fae14b128e3ac8b382ce5560e82ab52a6de084

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60983.exe

Filesize
184KB

MD5
6932a1cdde1619fc435217db186f8b40

SHA1
c7342950aea44c812b375c7d9ddb3a96e3d643c2

SHA256
2d9d088e6ffa801a15c243adef5bada7314b4546eaf4383b07e13125c2b016fa

SHA512
37e022c3110af7f1676002521b4e456839f84b1d75f13966f6c07d233b4172b20ce96f3385eda3481cddcc91a345f30113fa317859deba048d507df01d25aa51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64133.exe

Filesize
184KB

MD5
4e7a9e124f33da34b1993463678c7fcc

SHA1
d1fef5f5a0425a4957dbae5807a041754151af39

SHA256
9547d52a241c44e0c7a7af4e1824e31310ec90d30484848f1cf85b0f8baa86a1

SHA512
bbe1e44c083d3bd2a58c6503b5485b7661919e19f69d47471e483bb5c56d67fd1129559a437ef0c96405a69badf0b3b073c39dcaa07ec7dbaddcecdb37fd8f25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe

Filesize
184KB

MD5
db27363c82bdb46e1f3c22d9c790e4c6

SHA1
1cc40120f8664b3b3536d3b2f37c03890483eb6c

SHA256
722ce51d560a4e1b90750266546242b58a1bbef3ffa14938829eaece5a0282ad

SHA512
4d033e3bfa632b90b741c341eaca79ef4aa7641e21090dd0f6a14589a1efb19c44a9ef8089f4ab3f8af34322a3ef0dd8f620cf33e4599a836a4708d55c91a689

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads