00fdae173a6787285c188ff9c5b7e2ef09ed74af4fbd3c9d5d78da35e45bff69

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 05:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
Size

184KB
MD5

44762606f4468bf254d6c1e42ea6c950
SHA1

40020765cf45d06dab82a420a8b5a8c8bdc45ed9
SHA256

00fdae173a6787285c188ff9c5b7e2ef09ed74af4fbd3c9d5d78da35e45bff69
SHA512

428fd3f42e7eb8510ae1f1a41de9ebe630ef0f9480b077f16c2f9be37e424a412ce41a0d45626287cfeb1afaccf9ee03e36ed5ccd414c4e23d8e4b63895639b1
SSDEEP

3072:eV63OxoPqQv4dDDAenyLRWirPlowiFHM:eVJoNkDD2LUirPlowiFH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2912	Unicorn-45719.exe
2664	Unicorn-51277.exe
2552	Unicorn-14883.exe
2748	Unicorn-32798.exe
2444	Unicorn-55885.exe
2524	Unicorn-48942.exe
1200	Unicorn-8947.exe
1428	Unicorn-61718.exe
2080	Unicorn-16047.exe
2604	Unicorn-7878.exe
2248	Unicorn-53550.exe
1620	Unicorn-4199.exe
1760	Unicorn-50940.exe
1724	Unicorn-47536.exe
804	Unicorn-39176.exe
1656	Unicorn-39176.exe
2928	Unicorn-35838.exe
2980	Unicorn-55704.exe
2204	Unicorn-19886.exe
1468	Unicorn-23582.exe
844	Unicorn-48086.exe
1628	Unicorn-28220.exe
1080	Unicorn-61537.exe
1144	Unicorn-3208.exe
2400	Unicorn-44049.exe
2296	Unicorn-48688.exe
1700	Unicorn-56856.exe
2176	Unicorn-44625.exe
2988	Unicorn-8423.exe
2232	Unicorn-3592.exe
2832	Unicorn-60961.exe
2752	Unicorn-24567.exe
2772	Unicorn-63815.exe
2872	Unicorn-2917.exe
2456	Unicorn-11085.exe
2468	Unicorn-22783.exe
2340	Unicorn-39695.exe
1492	Unicorn-6254.exe
1384	Unicorn-60094.exe
1416	Unicorn-52090.exe
1852	Unicorn-3958.exe
1360	Unicorn-7912.exe
1944	Unicorn-35946.exe
2276	Unicorn-51322.exe
1476	Unicorn-23288.exe
2000	Unicorn-26626.exe
1128	Unicorn-31264.exe
944	Unicorn-64705.exe
1092	Unicorn-34794.exe
1740	Unicorn-2697.exe
3040	Unicorn-51706.exe
2976	Unicorn-15504.exe
1044	Unicorn-18842.exe
2744	Unicorn-11607.exe
2796	Unicorn-46392.exe
2700	Unicorn-46968.exe
2612	Unicorn-46776.exe
2840	Unicorn-17782.exe
1956	Unicorn-62536.exe
2480	Unicorn-42739.exe
2420	Unicorn-23449.exe
2256	Unicorn-34955.exe
952	Unicorn-17659.exe
1936	Unicorn-17467.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
2912	Unicorn-45719.exe
2912	Unicorn-45719.exe
2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
2552	Unicorn-14883.exe
2552	Unicorn-14883.exe
2664	Unicorn-51277.exe
2664	Unicorn-51277.exe
2912	Unicorn-45719.exe
2912	Unicorn-45719.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
2748	Unicorn-32798.exe
2748	Unicorn-32798.exe
2552	Unicorn-14883.exe
2552	Unicorn-14883.exe
2524	Unicorn-48942.exe
2524	Unicorn-48942.exe
2444	Unicorn-55885.exe
2444	Unicorn-55885.exe
2664	Unicorn-51277.exe
2664	Unicorn-51277.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe
1964	WerFault.exe
1916	WerFault.exe
1200	Unicorn-8947.exe
1200	Unicorn-8947.exe
2748	Unicorn-32798.exe
2748	Unicorn-32798.exe
2080	Unicorn-16047.exe
2080	Unicorn-16047.exe
1428	Unicorn-61718.exe
2248	Unicorn-53550.exe
1428	Unicorn-61718.exe
2248	Unicorn-53550.exe
2524	Unicorn-48942.exe
2524	Unicorn-48942.exe
2604	Unicorn-7878.exe
2604	Unicorn-7878.exe
2444	Unicorn-55885.exe
2444	Unicorn-55885.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe
2996	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
1252	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2760	2656	WerFault.exe	27
588	2912	WerFault.exe	28
1964	2552	WerFault.exe	30
1916	2664	WerFault.exe	29
2996	2748	WerFault.exe	32
3016	2524	WerFault.exe	33
1252	2444	WerFault.exe	34
2496	1200	WerFault.exe	36
2688	2604	WerFault.exe	39
2324	2080	WerFault.exe	38
2644	2248	WerFault.exe	40
2692	1428	WerFault.exe	37
616	1620	WerFault.exe	43
1776	1760	WerFault.exe	44
1780	1724	WerFault.exe	45
948	2980	WerFault.exe	49
564	804	WerFault.exe	46
1748	2928	WerFault.exe	48
1968	1656	WerFault.exe	47
2828	2204	WerFault.exe	50
1812	1468	WerFault.exe	54
908	1628	WerFault.exe	56
2948	1144	WerFault.exe	58
1120	1700	WerFault.exe	61
1592	2832	WerFault.exe	65
1648	1384	WerFault.exe	78
1988	2296	WerFault.exe	60
580	1944	WerFault.exe	82
1580	2772	WerFault.exe	72
2152	1360	WerFault.exe	81
3036	1476	WerFault.exe	84
3076	2232	WerFault.exe	64
3104	844	WerFault.exe	55
3140	1492	WerFault.exe	77
3132	1740	WerFault.exe	89
3428	1128	WerFault.exe	86
3492	1092	WerFault.exe	87
3504	1416	WerFault.exe	79
3656	2096	WerFault.exe	118
3672	2700	WerFault.exe	105
3788	2612	WerFault.exe	106
3924	1956	WerFault.exe	108
3952	2988	WerFault.exe	63
3968	2176	WerFault.exe	62
3976	1044	WerFault.exe	92
3992	2752	WerFault.exe	66
4000	2976	WerFault.exe	91
4024	2276	WerFault.exe	83
4060	2340	WerFault.exe	76
4072	1852	WerFault.exe	80
3112	944	WerFault.exe	88
3176	2400	WerFault.exe	59
3156	1080	WerFault.exe	57
3188	2468	WerFault.exe	74
3296	2456	WerFault.exe	75
3396	2744	WerFault.exe	103
3512	2256	WerFault.exe	111
3532	2796	WerFault.exe	104
3540	2872	WerFault.exe	73
3576	2840	WerFault.exe	107
3744	2480	WerFault.exe	109
1652	2280	WerFault.exe	116
3888	2188	WerFault.exe	119
3192	2000	WerFault.exe	85

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
2912	Unicorn-45719.exe
2664	Unicorn-51277.exe
2552	Unicorn-14883.exe
2748	Unicorn-32798.exe
2524	Unicorn-48942.exe
2444	Unicorn-55885.exe
1200	Unicorn-8947.exe
2080	Unicorn-16047.exe
1428	Unicorn-61718.exe
2604	Unicorn-7878.exe
2248	Unicorn-53550.exe
1620	Unicorn-4199.exe
1760	Unicorn-50940.exe
804	Unicorn-39176.exe
1724	Unicorn-47536.exe
2980	Unicorn-55704.exe
2928	Unicorn-35838.exe
2204	Unicorn-19886.exe
1656	Unicorn-39176.exe
1468	Unicorn-23582.exe
844	Unicorn-48086.exe
1628	Unicorn-28220.exe
1080	Unicorn-61537.exe
1144	Unicorn-3208.exe
2400	Unicorn-44049.exe
1700	Unicorn-56856.exe
2296	Unicorn-48688.exe
2176	Unicorn-44625.exe
2988	Unicorn-8423.exe
2832	Unicorn-60961.exe
2232	Unicorn-3592.exe
2752	Unicorn-24567.exe
2456	Unicorn-11085.exe
2872	Unicorn-2917.exe
2772	Unicorn-63815.exe
2468	Unicorn-22783.exe
2340	Unicorn-39695.exe
1384	Unicorn-60094.exe
1492	Unicorn-6254.exe
1416	Unicorn-52090.exe
1852	Unicorn-3958.exe
1360	Unicorn-7912.exe
1476	Unicorn-23288.exe
1944	Unicorn-35946.exe
2276	Unicorn-51322.exe
2000	Unicorn-26626.exe
1128	Unicorn-31264.exe
1740	Unicorn-2697.exe
2976	Unicorn-15504.exe
1092	Unicorn-34794.exe
944	Unicorn-64705.exe
3040	Unicorn-51706.exe
1044	Unicorn-18842.exe
2744	Unicorn-11607.exe
2796	Unicorn-46392.exe
2700	Unicorn-46968.exe
2612	Unicorn-46776.exe
2840	Unicorn-17782.exe
1956	Unicorn-62536.exe
2480	Unicorn-42739.exe
2420	Unicorn-23449.exe
2256	Unicorn-34955.exe
952	Unicorn-17659.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2912	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	28
PID 2656 wrote to memory of 2912	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	28
PID 2656 wrote to memory of 2912	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	28
PID 2656 wrote to memory of 2912	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	28
PID 2912 wrote to memory of 2664	2912	Unicorn-45719.exe	29
PID 2912 wrote to memory of 2664	2912	Unicorn-45719.exe	29
PID 2912 wrote to memory of 2664	2912	Unicorn-45719.exe	29
PID 2912 wrote to memory of 2664	2912	Unicorn-45719.exe	29
PID 2656 wrote to memory of 2552	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	30
PID 2656 wrote to memory of 2552	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	30
PID 2656 wrote to memory of 2552	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	30
PID 2656 wrote to memory of 2552	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	30
PID 2656 wrote to memory of 2760	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	31
PID 2656 wrote to memory of 2760	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	31
PID 2656 wrote to memory of 2760	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	31
PID 2656 wrote to memory of 2760	2656	44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe	31
PID 2552 wrote to memory of 2748	2552	Unicorn-14883.exe	32
PID 2552 wrote to memory of 2748	2552	Unicorn-14883.exe	32
PID 2552 wrote to memory of 2748	2552	Unicorn-14883.exe	32
PID 2552 wrote to memory of 2748	2552	Unicorn-14883.exe	32
PID 2664 wrote to memory of 2524	2664	Unicorn-51277.exe	33
PID 2664 wrote to memory of 2524	2664	Unicorn-51277.exe	33
PID 2664 wrote to memory of 2524	2664	Unicorn-51277.exe	33
PID 2664 wrote to memory of 2524	2664	Unicorn-51277.exe	33
PID 2912 wrote to memory of 2444	2912	Unicorn-45719.exe	34
PID 2912 wrote to memory of 2444	2912	Unicorn-45719.exe	34
PID 2912 wrote to memory of 2444	2912	Unicorn-45719.exe	34
PID 2912 wrote to memory of 2444	2912	Unicorn-45719.exe	34
PID 2912 wrote to memory of 588	2912	Unicorn-45719.exe	35
PID 2912 wrote to memory of 588	2912	Unicorn-45719.exe	35
PID 2912 wrote to memory of 588	2912	Unicorn-45719.exe	35
PID 2912 wrote to memory of 588	2912	Unicorn-45719.exe	35
PID 2748 wrote to memory of 1200	2748	Unicorn-32798.exe	36
PID 2748 wrote to memory of 1200	2748	Unicorn-32798.exe	36
PID 2748 wrote to memory of 1200	2748	Unicorn-32798.exe	36
PID 2748 wrote to memory of 1200	2748	Unicorn-32798.exe	36
PID 2552 wrote to memory of 1428	2552	Unicorn-14883.exe	37
PID 2552 wrote to memory of 1428	2552	Unicorn-14883.exe	37
PID 2552 wrote to memory of 1428	2552	Unicorn-14883.exe	37
PID 2552 wrote to memory of 1428	2552	Unicorn-14883.exe	37
PID 2524 wrote to memory of 2080	2524	Unicorn-48942.exe	38
PID 2524 wrote to memory of 2080	2524	Unicorn-48942.exe	38
PID 2524 wrote to memory of 2080	2524	Unicorn-48942.exe	38
PID 2524 wrote to memory of 2080	2524	Unicorn-48942.exe	38
PID 2444 wrote to memory of 2604	2444	Unicorn-55885.exe	39
PID 2444 wrote to memory of 2604	2444	Unicorn-55885.exe	39
PID 2444 wrote to memory of 2604	2444	Unicorn-55885.exe	39
PID 2444 wrote to memory of 2604	2444	Unicorn-55885.exe	39
PID 2664 wrote to memory of 2248	2664	Unicorn-51277.exe	40
PID 2664 wrote to memory of 2248	2664	Unicorn-51277.exe	40
PID 2664 wrote to memory of 2248	2664	Unicorn-51277.exe	40
PID 2664 wrote to memory of 2248	2664	Unicorn-51277.exe	40
PID 2552 wrote to memory of 1964	2552	Unicorn-14883.exe	41
PID 2552 wrote to memory of 1964	2552	Unicorn-14883.exe	41
PID 2552 wrote to memory of 1964	2552	Unicorn-14883.exe	41
PID 2552 wrote to memory of 1964	2552	Unicorn-14883.exe	41
PID 2664 wrote to memory of 1916	2664	Unicorn-51277.exe	42
PID 2664 wrote to memory of 1916	2664	Unicorn-51277.exe	42
PID 2664 wrote to memory of 1916	2664	Unicorn-51277.exe	42
PID 2664 wrote to memory of 1916	2664	Unicorn-51277.exe	42
PID 1200 wrote to memory of 1620	1200	Unicorn-8947.exe	43
PID 1200 wrote to memory of 1620	1200	Unicorn-8947.exe	43
PID 1200 wrote to memory of 1620	1200	Unicorn-8947.exe	43
PID 1200 wrote to memory of 1620	1200	Unicorn-8947.exe	43

C:\Users\Admin\AppData\Local\Temp\44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\44762606f4468bf254d6c1e42ea6c950_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47536.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10808.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63092.exe
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        12⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        13⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
        14⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
        14⤵
        
        PID:9668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        13⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        12⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
        11⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
        10⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7757.exe
        10⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        11⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        12⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 200
        13⤵
        
        PID:8672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
        12⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        11⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        10⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        9⤵
        Program crash
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
        11⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        12⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
        13⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 236
        13⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
        11⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 216
        10⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        Program crash
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        8⤵
        Program crash
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26569.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30555.exe
        10⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
        11⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6218.exe
        12⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        13⤵
        
        PID:9816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
        13⤵
        
        PID:9560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        12⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
        10⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        Program crash
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        8⤵
        Program crash
        
        PID:1648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        7⤵
        Program crash
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
        8⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        9⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2239.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        11⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
        12⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
        11⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        10⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
        9⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
        8⤵
        Program crash
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62453.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37938.exe
        10⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12399.exe
        11⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
        10⤵
        
        PID:6976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
        7⤵
        Program crash
        
        PID:1988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
        6⤵
        Program crash
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11109.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13834.exe
        9⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9359.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        11⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        12⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 236
        12⤵
        
        PID:9608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        11⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
        9⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        Program crash
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23724.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        10⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        11⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 236
        11⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
        10⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        9⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        8⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
        7⤵
        Program crash
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60284.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        9⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
        10⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        11⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        12⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 236
        12⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
        11⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        10⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
        9⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
        10⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        11⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        10⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        10⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        11⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
        8⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        7⤵
        Program crash
        
        PID:3036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        6⤵
        Program crash
        
        PID:1748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42791.exe
        9⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        10⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52193.exe
        11⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
        12⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        13⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
        13⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 236
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        11⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 216
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        9⤵
        Program crash
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        8⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61110.exe
        9⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
        11⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9118.exe
        12⤵
        
        PID:9268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
        12⤵
        
        PID:9844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        11⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
        10⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 216
        9⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        8⤵
        Program crash
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        10⤵
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        12⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
        11⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 236
        10⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        
        PID:3960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        7⤵
        Program crash
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19963.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        8⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42671.exe
        11⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        12⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 236
        12⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        11⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
        8⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        8⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
        9⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33133.exe
        10⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        11⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 236
        10⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        9⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
        8⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
        7⤵
        Program crash
        
        PID:3428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        6⤵
        Program crash
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23518.exe
        8⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48643.exe
        9⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        11⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        10⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        7⤵
        Program crash
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56781.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
        8⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        9⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        10⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
        10⤵
        
        PID:9728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        9⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
        8⤵
        
        PID:6564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
        7⤵
        
        PID:4832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        6⤵
        Program crash
        
        PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 220
        5⤵
        Program crash
        
        PID:2644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33812.exe
        10⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        11⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
        12⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        11⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
        9⤵
        
        PID:4416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        8⤵
        Program crash
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4540.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        9⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        10⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        11⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        11⤵
        
        PID:9900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
        10⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
        9⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
        8⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        7⤵
        Program crash
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62536.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24191.exe
        10⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        11⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
        12⤵
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
        12⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
        11⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
        8⤵
        Program crash
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33703.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        8⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
        10⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16614.exe
        11⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        8⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
        7⤵
        Program crash
        
        PID:2152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        6⤵
        Program crash
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42739.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49053.exe
        10⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
        11⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        12⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 220
        12⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 236
        11⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        9⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        8⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56371.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55448.exe
        8⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        9⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        10⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        11⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 236
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        10⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
        9⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        7⤵
        Program crash
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27601.exe
        10⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        11⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
        11⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        9⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        9⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        9⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        8⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
        7⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        6⤵
        Program crash
        
        PID:1120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
        5⤵
        Program crash
        
        PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42438.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1893.exe
        8⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43972.exe
        11⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
        9⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
        7⤵
        Program crash
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56013.exe
        6⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        7⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
        9⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
        10⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
        10⤵
        
        PID:9744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        9⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        8⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
        7⤵
        
        PID:5072
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
        6⤵
        Program crash
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
        6⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        7⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19504.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        9⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41879.exe
        10⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 236
        10⤵
        
        PID:9372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 236
        9⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        8⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
        7⤵
        
        PID:5064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        6⤵
        Program crash
        
        PID:3112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        5⤵
        Program crash
        
        PID:2828
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1252
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
        9⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        11⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        12⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
        11⤵
        
        PID:968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
        9⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        Program crash
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
        7⤵
        Program crash
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11607.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51265.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21178.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        11⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        12⤵
        
        PID:9152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 236
        12⤵
        
        PID:9968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        11⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        8⤵
        Program crash
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        9⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5076.exe
        10⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        11⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
        11⤵
        
        PID:10184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        8⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220
        7⤵
        Program crash
        
        PID:3296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        6⤵
        Program crash
        
        PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        7⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47543.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        10⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        11⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        11⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 236
        8⤵
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        7⤵
        Program crash
        
        PID:4060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
        6⤵
        Program crash
        
        PID:908
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        5⤵
        Program crash
        
        PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        9⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43132.exe
        10⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        12⤵
        
        PID:8928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        12⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        11⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
        10⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
        8⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41141.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 236
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        9⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        8⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        7⤵
        Program crash
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58219.exe
        7⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52200.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2965.exe
        10⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        9⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
        7⤵
        
        PID:4444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        6⤵
        Program crash
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        9⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11380.exe
        11⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
        8⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        7⤵
        Program crash
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46917.exe
        7⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
        8⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        9⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        10⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 220
        10⤵
        
        PID:9848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        9⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        8⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
        7⤵
        
        PID:4408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        6⤵
        Program crash
        
        PID:3540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        5⤵
        Program crash
        
        PID:1776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        10⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46312.exe
        11⤵
        
        PID:7684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50120.exe
        12⤵
        
        PID:10052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
        12⤵
        
        PID:9700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
        9⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
        8⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        10⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
        11⤵
        
        PID:10160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        11⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        10⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
        9⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
        8⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39562.exe
        8⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8771.exe
        9⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34427.exe
        10⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        10⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        9⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
        8⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
        7⤵
        
        PID:4840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        6⤵
        Program crash
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43206.exe
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        7⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        8⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32938.exe
        9⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
        9⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        8⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        7⤵
        
        PID:5280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
        6⤵
        Program crash
        
        PID:4000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
        5⤵
        Program crash
        
        PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        8⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50507.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        10⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
        10⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        9⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        8⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
        7⤵
        
        PID:4988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
        6⤵
        Program crash
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14596.exe
        5⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8219.exe
        6⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\UnicornÑ23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicornÑ23315.exe
        8⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\UnicornÑ22255.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicornÑ22255.exe
        9⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
        9⤵
        
        PID:9680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        8⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        7⤵
        
        PID:6208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        6⤵
        
        PID:4948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        5⤵
        Program crash
        
        PID:3952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
      4⤵
      Program crash
      PID:2692
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1964
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
  2⤵
  - Program crash
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe

Filesize
184KB

MD5
865446678d4c662790faefe3bb76d4f3

SHA1
b2e3a505831bc42c0cd422753db5deefe618a4f6

SHA256
d23fec49430c70b18f9729cb0c48363b03061a4b666d11515ea6c24f785aa9f2

SHA512
29301023970f2e91142bb16a0ab8e32c29252b60a3ee22c3ff38ca7da0208c3f22c00768be87aaaf52fb67eabd2231e06d5fef4bc7e15f162ace9f83ed0df0c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47140.exe

Filesize
184KB

MD5
6b63b479aac557508e41173ebee60bc5

SHA1
84ed003688af02564d232efa93632c63c2713332

SHA256
8ccf0521ad8a2e60281d964cb62aaae04527c1f6e547842598c3d8ac541ae03a

SHA512
f92a2edaf905ebb2888faf928d569515d538b2c30e897473a4dea91add4ee0949afedced6618704c77cf7f2a98585f42684e9cc5d0b6efc5432b288a7c171ce8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50940.exe

Filesize
184KB

MD5
e04c43a6a57fbc58f5c4416bf00d0079

SHA1
82960ff7efeaa925cb5f63f48d22f9c0949f422d

SHA256
8f823c3a71d88321fc32e2589c80dfebf25d6a864db6cf201d628aafa5a83abe

SHA512
89f0595c538cf6e196cf94e4e3e9fafffd3c43aee523aee6322ba2b25132c5b2d06a919a53fa9c80731a2527c643161e4a5a5241bb973eebe86cbd2fcb523af9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe

Filesize
184KB

MD5
a9e6cfe074888ff1835d95f66a5e9b1a

SHA1
c7e0f268525d3040b9fac28e055100b1ba01ec8b

SHA256
dd8f453ca2e0a5ce649be3ab2b48b41fa42c08789b9c6b06e6ebc53535798ea9

SHA512
50c9acf13ab186ed7a9e87c845ff39bc2730559c19507f34c64a928b6e480f35d63fbc9ea9dbe61febe833bec790cf83112781b5283ccc58ad82d9f588708b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64000.exe

Filesize
184KB

MD5
e1fce4a05a439feca5b38c3334a551e7

SHA1
ca27a4a6cb7d9849b30f430f9b9c117c8a774888

SHA256
51b526058911cd378b1ef9af057936bf586ad8a347d710b3067bc8e522c2b7fa

SHA512
eaa55f95be227fe17731d5a673c97bfa56f32fd953b5d79b3925db7ef58e319728fbe7febdfec0311b67fc1b7e1df06f726c4fe8caaa0d89c05855e50ed1a54d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe

Filesize
184KB

MD5
025a6eac20f21ef764339388b2f36502

SHA1
93f63aed9ec864097ee15b492a0289fc7105fdd9

SHA256
feb9d2e36767ea44bac518d7bb7f3093c22a42d1f8f9c754bcb3008c3884437f

SHA512
193fc0a500a1d5067f213e2d3b3117459101e321554aa08382e8b0809e7609edf620429e63198cb9157ada16d77f3f6937f587a82dfca8ed15acc6bf20e4339b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe

Filesize
184KB

MD5
cdb1e66ff8df5f6aef018f4f5f42eabf

SHA1
b6dabcfe7a69ff9bcb8487a3c61649f47d554603

SHA256
a2587e4a340b6c62a9055cbbaae39587357a3be2e119ce253f628ba9b924a364

SHA512
30ff4d4819b2c9bcdbf4f0cd3a4abd464212d30af88bdf45a37defa5c36dedb56e195594adc5a8e59abbe4d54a8fe6f60c38121d9d0e0a3f61f0c3fa8e2a441f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16047.exe

Filesize
184KB

MD5
35d37c93f4b72e9d489beca5904f8835

SHA1
ea5713d073e471f11f482c04cf3cbdfae16a295f

SHA256
f2d59ec672c45dd515e106fda7854622e021798c9c8140c67f4fe3f50c01ccd9

SHA512
a3e573b46c75571d424be419df0f4f48f174d2918f48bcce80498814f311ee79b67695bcf3ca7b3a6e18543a5e80a598a7276f719ff85a03c90f0b83994b9862

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32798.exe

Filesize
184KB

MD5
28a68d17023125fa873108520b5a0466

SHA1
95f8c72559a8d2cb9715118c828a88136a52c2ef

SHA256
3d086380abde90d9851fa58357b07e3f75c0181045bd8523d79d186a4e9abbd5

SHA512
199893dd21206cba2ceca15bbcd78982f90e58eed7fe5e3b111d115e7deb49343758ded5beca9e6e1e4c70eb0b886b418e48da782d9dd82edb10253d5c1fdadf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe

Filesize
184KB

MD5
67011f26b1f672614605aa1b41a0d3a5

SHA1
b6f93e3f15af1ed2e5bda925122968a71bfa8cff

SHA256
c246bc7823e89303b6fe147f0a2585054be50252bb162f047b7e409bf2dc4d6d

SHA512
b2de4630eef2ee9f3c495e5529ce99f6859e5c09608702f92489262f2ae0bb39590e09c7d65a576d258953b86cb05c57a3419a04264598e357d42d4eb8e9e3f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe

Filesize
184KB

MD5
ee034370fac4ec56f11a1990a41b625d

SHA1
750d717872ec83434e9e39c634afd09e224206e4

SHA256
d7db613818fbdbfd63c70c7f1c6ebf0f932cbeb09781936e520431550349ae0e

SHA512
320c3be3c42a73a600e1db1ee0797e4b83eaa9a0fa81f4de7460c0ee817c930c94f93caeaf6f0cf0846297dcc81bdbec244412670f6809c6082907d34dc4de90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe

Filesize
184KB

MD5
34eff2a3805fba9dba05ea7a7ba39bc2

SHA1
d8864e3014a06a40b5441ac6e1b5d7f9c1db45d8

SHA256
864cce7663e09c72d2936973bcf74d2377f4d1d8d4f516976972531009bb3298

SHA512
b86edbe81f98a1b28cf4bdfd2d7833035326c4254786462ee6314d4156efc2ef3d6be49f48bfacb339a312cfb6bcdc5da785685de8e94aa343f57d14c5f39221

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51277.exe

Filesize
184KB

MD5
60c3cc42edf2285a8296dcbe0e4bf685

SHA1
2a520a8820c3eaa5e93fae402e44d1a356bf9757

SHA256
0fa470083d5b5d3fcd1e2eee3812caa10ad3bda4dd10c9d3c07161dd3d96b442

SHA512
bae4725d9dbab0dd32241205a30f3d3cff1844f8441d551a9c4480aa68629375ed8c0d4195f0d0718a9e79b0bf9db07cb1e3b5f722096178f7b032d008ffcaac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53550.exe

Filesize
184KB

MD5
9e5f7d1a848fa0ce026937cb7fb47f27

SHA1
5481e26833fe093ab39926b85e094b2195b353e8

SHA256
6e31428a12e494588f8c2c929f5970454ea9de99d291aac45fa995a9a7a41570

SHA512
f898424472bc47d1ea3b4cf45ab718302d0d119a90ae6615676e2cf52fbf833558f498f9e1a94ef7febbfc67441d317d665485bf198ee2232b5191279c62d317

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe

Filesize
184KB

MD5
d74d4b1609f210af371a9e69fdb13453

SHA1
c4aee77a9c1fcc64b96908367527dd673d85e4bc

SHA256
8d323d648ae860da1fe40ee5d51a36b9ddc33b59afbcb10d5802f0992cc118df

SHA512
4eaac53b8d2316b2ff5dffd288cdd0f3394f6f9dd58152be395e90a4a552fc21c6427dac26a21cf9bd553b8e1c7450648fc88cdf4f1e95ea9fb888178f7c31c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe

Filesize
184KB

MD5
378faab8fec06579dc3ec9c636b08f8b

SHA1
684f3d042876449c46fef5582de58e4bf4a386b9

SHA256
04e4acb0600f1b340b21892fca5bc11feeafb19f496fdeb5e29867e44b4e98ed

SHA512
1caa3e1f6e341da50e91693ae57af283960f77dbdf99d83eac1ee0ce04993a0508c5e27341b6e9cf6e80a381c946fee33e3f8f86798fd667ebba3ae16eba2478

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe

Filesize
184KB

MD5
92969d0a5a70f9f3ab871de3f178671d

SHA1
88c11be59859916086b75edff9e0564c7be1533f

SHA256
69ee30ba8e149656b65bac35b1f0124d4ae975c90b457159ecefab708abbf583

SHA512
9c44b08c4be3732e52049257e76a47e0b4339ccc9ba6740094e3b07814d39c245848412ec3a2ff25eabd851f0ebd07ee926fbf6f0a9f7638ca17dea74a4568e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8947.exe

Filesize
184KB

MD5
8b99ceb3ff856c65122110d73fe1a637

SHA1
3e20ae5f5940811264332782ad3e52f998219d50

SHA256
9f66032ce1feceb6bf99cc8a601cf7f220453f7e67ca272bdd1a48b51198a563

SHA512
7cc255d2bd4971732fc476094514335738daab1c026187087c8547f26ea00ffad78a26ddf83a4519c3b945abd7501261cc7d6f0748e6ae14be54fed6e1ad7cba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads