f11d0be87932e3417b4429d393e8863dcd2e794d374613370ff59d8cc85d46cd

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
Size

184KB
MD5

10621a40a5020015eed5f754acfb8550
SHA1

1c8a2451852ad68afec3e2dbcb991110147c2431
SHA256

f11d0be87932e3417b4429d393e8863dcd2e794d374613370ff59d8cc85d46cd
SHA512

7e621a8cc766274f470c8f506732d103a3bbae5bbbcd53750fd8b017aaea7adee96593ae4baf971ef6690c4dee291018fb8f92b3030cc13f49dbd83cb2a57c62
SSDEEP

1536:oBLO6jZln3Hxotx1tZQAlzwSGe9yvZc8smddcOLRCk29tEhl5hj5nizpvL:MNL3HxoT7ZQ6jGQWe1OLR+jEhlnViFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2948	Unicorn-63809.exe
2564	Unicorn-50483.exe
2608	Unicorn-14089.exe
2492	Unicorn-13939.exe
2636	Unicorn-26746.exe
2480	Unicorn-13747.exe
324	Unicorn-32217.exe
776	Unicorn-45024.exe
2856	Unicorn-42497.exe
1500	Unicorn-50473.exe
2076	Unicorn-30607.exe
2676	Unicorn-28403.exe
2344	Unicorn-12450.exe
1100	Unicorn-36632.exe
932	Unicorn-6337.exe
936	Unicorn-19144.exe
2920	Unicorn-39010.exe
2124	Unicorn-38818.exe
1016	Unicorn-2616.exe
1332	Unicorn-14043.exe
1520	Unicorn-43186.exe
1324	Unicorn-37396.exe
1076	Unicorn-53239.exe
616	Unicorn-26535.exe
3052	Unicorn-31173.exe
1996	Unicorn-56254.exe
884	Unicorn-18175.exe
536	Unicorn-59783.exe
2220	Unicorn-64422.exe
2240	Unicorn-2222.exe
1624	Unicorn-39725.exe
2624	Unicorn-47121.exe
2584	Unicorn-47121.exe
2972	Unicorn-51760.exe
2576	Unicorn-6664.exe
2448	Unicorn-35999.exe
2456	Unicorn-55673.exe
2880	Unicorn-43976.exe
1128	Unicorn-25305.exe
1592	Unicorn-5439.exe
276	Unicorn-60416.exe
1660	Unicorn-7686.exe
2956	Unicorn-58312.exe
2464	Unicorn-41976.exe
1084	Unicorn-943.exe
2168	Unicorn-9111.exe
2664	Unicorn-21918.exe
2644	Unicorn-41784.exe
1776	Unicorn-46423.exe
320	Unicorn-25256.exe
1580	Unicorn-5390.exe
1340	Unicorn-33699.exe
980	Unicorn-33184.exe
1800	Unicorn-54970.exe
704	Unicorn-30850.exe
1764	Unicorn-19152.exe
2692	Unicorn-46226.exe
2996	Unicorn-9832.exe
2628	Unicorn-37866.exe
2884	Unicorn-22106.exe
2468	Unicorn-21914.exe
2108	Unicorn-59417.exe
1652	Unicorn-13745.exe
564	Unicorn-20496.exe

Loads dropped DLL 64 IoCs

pid	Process
1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
2948	Unicorn-63809.exe
1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
2948	Unicorn-63809.exe
1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
2564	Unicorn-50483.exe
2564	Unicorn-50483.exe
2948	Unicorn-63809.exe
2948	Unicorn-63809.exe
2608	Unicorn-14089.exe
2608	Unicorn-14089.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
1204	WerFault.exe
2492	Unicorn-13939.exe
2492	Unicorn-13939.exe
2564	Unicorn-50483.exe
2564	Unicorn-50483.exe
2636	Unicorn-26746.exe
2636	Unicorn-26746.exe
2480	Unicorn-13747.exe
2608	Unicorn-14089.exe
2480	Unicorn-13747.exe
2608	Unicorn-14089.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1832	WerFault.exe
1796	WerFault.exe
776	Unicorn-45024.exe
776	Unicorn-45024.exe
324	Unicorn-32217.exe
324	Unicorn-32217.exe
2492	Unicorn-13939.exe
2492	Unicorn-13939.exe
1500	Unicorn-50473.exe
1500	Unicorn-50473.exe
2480	Unicorn-13747.exe
2480	Unicorn-13747.exe
2076	Unicorn-30607.exe
2076	Unicorn-30607.exe
2856	Unicorn-42497.exe
2856	Unicorn-42497.exe
2636	Unicorn-26746.exe
2636	Unicorn-26746.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe
400	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
1916	WerFault.exe
1916	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2752	1524	WerFault.exe	27
1204	2948	WerFault.exe	28
1796	2564	WerFault.exe	29
1832	2608	WerFault.exe	30
400	2492	WerFault.exe	32
2284	2636	WerFault.exe	33
1916	2480	WerFault.exe	34
2516	776	WerFault.exe	37
852	324	WerFault.exe	36
2536	1500	WerFault.exe	39
2560	2076	WerFault.exe	40
2728	2856	WerFault.exe	38
2776	2676	WerFault.exe	43
2300	1100	WerFault.exe	45
1548	936	WerFault.exe	47
2808	2344	WerFault.exe	44
1224	2920	WerFault.exe	48
2792	2124	WerFault.exe	49
2064	932	WerFault.exe	46
2820	1016	WerFault.exe	50
2164	1332	WerFault.exe	54
1228	1520	WerFault.exe	55
2860	1076	WerFault.exe	57
2324	3052	WerFault.exe	59
2532	1324	WerFault.exe	56
2648	2108	WerFault.exe	109
972	1624	WerFault.exe	65
1040	2240	WerFault.exe	64
1948	2972	WerFault.exe	72
1568	2624	WerFault.exe	70
1788	2880	WerFault.exe	77
2988	2448	WerFault.exe	75
584	2644	WerFault.exe	87
2508	1776	WerFault.exe	89
300	2220	WerFault.exe	63
1616	2168	WerFault.exe	85
1740	320	WerFault.exe	88
2416	276	WerFault.exe	80
2716	2464	WerFault.exe	83
3076	1084	WerFault.exe	84
3488	2664	WerFault.exe	86
3496	2956	WerFault.exe	82
3504	2584	WerFault.exe	71
3544	2456	WerFault.exe	76
3644	1996	WerFault.exe	60
3672	1128	WerFault.exe	79
3696	884	WerFault.exe	61
3712	616	WerFault.exe	58
3740	1580	WerFault.exe	90
3976	1660	WerFault.exe	81
4008	536	WerFault.exe	62
4028	1764	WerFault.exe	103
3096	1800	WerFault.exe	98
3132	564	WerFault.exe	111
3436	2884	WerFault.exe	107
3468	980	WerFault.exe	95
3912	2576	WerFault.exe	74
3124	2772	WerFault.exe	121
3176	704	WerFault.exe	102
3276	1452	WerFault.exe	112
3280	2996	WerFault.exe	105
4088	1604	WerFault.exe	142
3188	1592	WerFault.exe	78
3484	1400	WerFault.exe	127

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
2948	Unicorn-63809.exe
2564	Unicorn-50483.exe
2608	Unicorn-14089.exe
2492	Unicorn-13939.exe
2636	Unicorn-26746.exe
2480	Unicorn-13747.exe
324	Unicorn-32217.exe
776	Unicorn-45024.exe
1500	Unicorn-50473.exe
2076	Unicorn-30607.exe
2856	Unicorn-42497.exe
2676	Unicorn-28403.exe
1100	Unicorn-36632.exe
2344	Unicorn-12450.exe
932	Unicorn-6337.exe
936	Unicorn-19144.exe
2920	Unicorn-39010.exe
2124	Unicorn-38818.exe
1016	Unicorn-2616.exe
1332	Unicorn-14043.exe
1520	Unicorn-43186.exe
1324	Unicorn-37396.exe
1076	Unicorn-53239.exe
616	Unicorn-26535.exe
3052	Unicorn-31173.exe
1996	Unicorn-56254.exe
884	Unicorn-18175.exe
536	Unicorn-59783.exe
2220	Unicorn-64422.exe
2240	Unicorn-2222.exe
1624	Unicorn-39725.exe
2584	Unicorn-47121.exe
2624	Unicorn-47121.exe
2972	Unicorn-51760.exe
2448	Unicorn-35999.exe
2576	Unicorn-6664.exe
2880	Unicorn-43976.exe
2456	Unicorn-55673.exe
1592	Unicorn-5439.exe
1128	Unicorn-25305.exe
1660	Unicorn-7686.exe
276	Unicorn-60416.exe
2464	Unicorn-41976.exe
2168	Unicorn-9111.exe
2956	Unicorn-58312.exe
1084	Unicorn-943.exe
1776	Unicorn-46423.exe
2644	Unicorn-41784.exe
2664	Unicorn-21918.exe
1580	Unicorn-5390.exe
320	Unicorn-25256.exe
1340	Unicorn-33699.exe
980	Unicorn-33184.exe
1800	Unicorn-54970.exe
704	Unicorn-30850.exe
1764	Unicorn-19152.exe
2996	Unicorn-9832.exe
2692	Unicorn-46226.exe
2884	Unicorn-22106.exe
2628	Unicorn-37866.exe
564	Unicorn-20496.exe
1652	Unicorn-13745.exe
2468	Unicorn-21914.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2948	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	28
PID 1524 wrote to memory of 2948	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	28
PID 1524 wrote to memory of 2948	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	28
PID 1524 wrote to memory of 2948	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	28
PID 2948 wrote to memory of 2564	2948	Unicorn-63809.exe	29
PID 2948 wrote to memory of 2564	2948	Unicorn-63809.exe	29
PID 2948 wrote to memory of 2564	2948	Unicorn-63809.exe	29
PID 2948 wrote to memory of 2564	2948	Unicorn-63809.exe	29
PID 1524 wrote to memory of 2608	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	30
PID 1524 wrote to memory of 2608	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	30
PID 1524 wrote to memory of 2608	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	30
PID 1524 wrote to memory of 2608	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	30
PID 1524 wrote to memory of 2752	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	31
PID 1524 wrote to memory of 2752	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	31
PID 1524 wrote to memory of 2752	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	31
PID 1524 wrote to memory of 2752	1524	10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe	31
PID 2564 wrote to memory of 2492	2564	Unicorn-50483.exe	32
PID 2564 wrote to memory of 2492	2564	Unicorn-50483.exe	32
PID 2564 wrote to memory of 2492	2564	Unicorn-50483.exe	32
PID 2564 wrote to memory of 2492	2564	Unicorn-50483.exe	32
PID 2948 wrote to memory of 2636	2948	Unicorn-63809.exe	33
PID 2948 wrote to memory of 2636	2948	Unicorn-63809.exe	33
PID 2948 wrote to memory of 2636	2948	Unicorn-63809.exe	33
PID 2948 wrote to memory of 2636	2948	Unicorn-63809.exe	33
PID 2608 wrote to memory of 2480	2608	Unicorn-14089.exe	34
PID 2608 wrote to memory of 2480	2608	Unicorn-14089.exe	34
PID 2608 wrote to memory of 2480	2608	Unicorn-14089.exe	34
PID 2608 wrote to memory of 2480	2608	Unicorn-14089.exe	34
PID 2948 wrote to memory of 1204	2948	Unicorn-63809.exe	35
PID 2948 wrote to memory of 1204	2948	Unicorn-63809.exe	35
PID 2948 wrote to memory of 1204	2948	Unicorn-63809.exe	35
PID 2948 wrote to memory of 1204	2948	Unicorn-63809.exe	35
PID 2492 wrote to memory of 324	2492	Unicorn-13939.exe	36
PID 2492 wrote to memory of 324	2492	Unicorn-13939.exe	36
PID 2492 wrote to memory of 324	2492	Unicorn-13939.exe	36
PID 2492 wrote to memory of 324	2492	Unicorn-13939.exe	36
PID 2564 wrote to memory of 776	2564	Unicorn-50483.exe	37
PID 2564 wrote to memory of 776	2564	Unicorn-50483.exe	37
PID 2564 wrote to memory of 776	2564	Unicorn-50483.exe	37
PID 2564 wrote to memory of 776	2564	Unicorn-50483.exe	37
PID 2636 wrote to memory of 2856	2636	Unicorn-26746.exe	38
PID 2636 wrote to memory of 2856	2636	Unicorn-26746.exe	38
PID 2636 wrote to memory of 2856	2636	Unicorn-26746.exe	38
PID 2636 wrote to memory of 2856	2636	Unicorn-26746.exe	38
PID 2480 wrote to memory of 1500	2480	Unicorn-13747.exe	39
PID 2480 wrote to memory of 1500	2480	Unicorn-13747.exe	39
PID 2480 wrote to memory of 1500	2480	Unicorn-13747.exe	39
PID 2480 wrote to memory of 1500	2480	Unicorn-13747.exe	39
PID 2608 wrote to memory of 2076	2608	Unicorn-14089.exe	40
PID 2608 wrote to memory of 2076	2608	Unicorn-14089.exe	40
PID 2608 wrote to memory of 2076	2608	Unicorn-14089.exe	40
PID 2608 wrote to memory of 2076	2608	Unicorn-14089.exe	40
PID 2564 wrote to memory of 1796	2564	Unicorn-50483.exe	41
PID 2564 wrote to memory of 1796	2564	Unicorn-50483.exe	41
PID 2564 wrote to memory of 1796	2564	Unicorn-50483.exe	41
PID 2564 wrote to memory of 1796	2564	Unicorn-50483.exe	41
PID 2608 wrote to memory of 1832	2608	Unicorn-14089.exe	42
PID 2608 wrote to memory of 1832	2608	Unicorn-14089.exe	42
PID 2608 wrote to memory of 1832	2608	Unicorn-14089.exe	42
PID 2608 wrote to memory of 1832	2608	Unicorn-14089.exe	42
PID 776 wrote to memory of 2676	776	Unicorn-45024.exe	43
PID 776 wrote to memory of 2676	776	Unicorn-45024.exe	43
PID 776 wrote to memory of 2676	776	Unicorn-45024.exe	43
PID 776 wrote to memory of 2676	776	Unicorn-45024.exe	43

C:\Users\Admin\AppData\Local\Temp\10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\10621a40a5020015eed5f754acfb8550_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23824.exe
        10⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe
        11⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        12⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        13⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        14⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        14⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        13⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
        12⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        11⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        10⤵
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
        9⤵
        Program crash
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10046.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
        11⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        12⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        13⤵
        
        PID:9508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 236
        13⤵
        
        PID:10028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
        11⤵
        
        PID:6604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
        10⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        9⤵
        
        PID:4508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
        8⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52426.exe
        10⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26468.exe
        12⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        13⤵
        
        PID:9928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        13⤵
        
        PID:9672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 236
        12⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
        11⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        10⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        8⤵
        Program crash
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        7⤵
        Program crash
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21914.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46076.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
        10⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50465.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        12⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        13⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
        13⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        11⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        10⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        9⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        8⤵
        Program crash
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
        7⤵
        Executes dropped EXE
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        8⤵
        Program crash
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        Program crash
        
        PID:2324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        6⤵
        Program crash
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
        11⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        12⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        13⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
        14⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
        14⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
        13⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        12⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        11⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
        9⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17445.exe
        11⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49635.exe
        12⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        13⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        13⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
        12⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        10⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19232.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        10⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        12⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 236
        11⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        9⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        8⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        9⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
        10⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        12⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        12⤵
        
        PID:9436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 236
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
        9⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        8⤵
        Program crash
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        7⤵
        Program crash
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22605.exe
        9⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 224
        10⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
        9⤵
        
        PID:4460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        8⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        7⤵
        Program crash
        
        PID:2988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        6⤵
        Program crash
        
        PID:2300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        10⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24333.exe
        11⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        13⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        14⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 236
        14⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
        13⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        12⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
        11⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
        10⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
        11⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
        12⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        13⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 236
        13⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
        12⤵
        
        PID:8600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
        11⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        10⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30138.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7389.exe
        10⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
        11⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55336.exe
        12⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
        13⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        13⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
        10⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
        9⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        8⤵
        Program crash
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33184.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
        9⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10482.exe
        10⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        11⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28390.exe
        12⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        13⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7852.exe
        14⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        13⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        11⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
        10⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
        9⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        8⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
        7⤵
        Program crash
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51760.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54970.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        9⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12929.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        12⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        13⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        12⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
        9⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        8⤵
        Program crash
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        7⤵
        Program crash
        
        PID:1948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        6⤵
        Program crash
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47121.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46168.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        11⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        12⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
        12⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        11⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        10⤵
        
        PID:6868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
        9⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
        8⤵
        Program crash
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
        7⤵
        Program crash
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33367.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53663.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        10⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42129.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        12⤵
        
        PID:8608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
        12⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        8⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        7⤵
        Program crash
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 220
        6⤵
        Program crash
        
        PID:1228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        5⤵
        Program crash
        
        PID:2516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59783.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        10⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        11⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28555.exe
        12⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        13⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        13⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
        12⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        11⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
        10⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
        9⤵
        Program crash
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
        8⤵
        Program crash
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
        8⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        10⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55466.exe
        11⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
        12⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
        12⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 236
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        9⤵
        
        PID:5228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        8⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
        7⤵
        Program crash
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
        7⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        9⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-138.exe
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 244
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
        10⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
        8⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        7⤵
        Program crash
        
        PID:2508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
        7⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50570.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41162.exe
        9⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        10⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6490.exe
        11⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        12⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        9⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
        8⤵
        Program crash
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        7⤵
        Program crash
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        6⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        7⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43876.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
        9⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
        11⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
        11⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
        10⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        9⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
        8⤵
        
        PID:5220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        7⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 220
        6⤵
        Program crash
        
        PID:300
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        5⤵
        Program crash
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2616.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63413.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17083.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe
        9⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        10⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52894.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-806.exe
        12⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        13⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        12⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
        11⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 236
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
        9⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
        8⤵
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        7⤵
        Program crash
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41539.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39475.exe
        7⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
        10⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19494.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
        11⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        9⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        7⤵
        
        PID:3632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        6⤵
        Program crash
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        6⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10015.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58659.exe
        9⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34335.exe
        10⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        11⤵
        
        PID:9720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
        11⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 236
        10⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
        9⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
        8⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        7⤵
        
        PID:4916
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        6⤵
        Program crash
        
        PID:3740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
        5⤵
        Program crash
        
        PID:2820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2284
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
        7⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46642.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17861.exe
        11⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        12⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        12⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
        8⤵
        Program crash
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56749.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        10⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47210.exe
        11⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
        11⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        9⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        7⤵
        Program crash
        
        PID:3188
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        6⤵
        Program crash
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49563.exe
        8⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9970.exe
        11⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        12⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        12⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
        11⤵
        
        PID:8468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        10⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        8⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49900.exe
        6⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        9⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
        10⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        11⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        11⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
        10⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        8⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 216
        7⤵
        
        PID:3948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
        6⤵
        Program crash
        
        PID:972
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        5⤵
        Program crash
        
        PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10004.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        9⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        11⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        12⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 236
        12⤵
        
        PID:9488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
        11⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
        8⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        7⤵
        Program crash
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16647.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-269.exe
        8⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
        9⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11849.exe
        11⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 236
        10⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        9⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        8⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        7⤵
        Program crash
        
        PID:3132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6984.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        11⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
        12⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 236
        12⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        10⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4050.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        10⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        11⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
        11⤵
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 220
        9⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
        7⤵
        Program crash
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55427.exe
        7⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40778.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45571.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
        11⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        11⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
        10⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        9⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        7⤵
        Program crash
        
        PID:4088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        6⤵
        Program crash
        
        PID:1788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
        5⤵
        Program crash
        
        PID:1548
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39010.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18175.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30166.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49419.exe
        12⤵
        
        PID:9652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
        12⤵
        
        PID:10124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 236
        11⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        8⤵
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        7⤵
        Program crash
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56054.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50016.exe
        11⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
        11⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 236
        10⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
        8⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        7⤵
        
        PID:4852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
        6⤵
        Program crash
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38717.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        7⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
        10⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25560.exe
        11⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26815.exe
        12⤵
        
        PID:9568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
        10⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        9⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        8⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
        7⤵
        
        PID:3576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        6⤵
        Program crash
        
        PID:3488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        5⤵
        Program crash
        
        PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        6⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
        7⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19689.exe
        8⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        10⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32073.exe
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        8⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
        7⤵
        
        PID:4564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        6⤵
        Program crash
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27450.exe
        5⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38100.exe
        6⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        7⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28327.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
        9⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33396.exe
        10⤵
        
        PID:9000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29752.exe
        11⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
        11⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 236
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
        9⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        8⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
        7⤵
        
        PID:5420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
        6⤵
        
        PID:4572
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        5⤵
        Program crash
        
        PID:3644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
      4⤵
      Program crash
      PID:2560
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1832
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
  2⤵
  - Program crash
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe

Filesize
184KB

MD5
c05500bb2b5153a2d082231392d2b258

SHA1
5d69f36c1e7f7e3a9e7bc1ba2dd9fa5bae16a607

SHA256
4c14b1e18019bbd2b6fdf281730e16a22454d1b5d7f13b77f39e57c7bc91e793

SHA512
32e459366fa2d80138c3d084b5268357a4b1e1fb2650079d6aaef814d53c3f262344e1efe352c33149c4fcdee33442b41973b7be5f6eea807c0a714805f392ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe

Filesize
184KB

MD5
4a8acc0f4eba61933005e79dd0856dc2

SHA1
2000ce679d09e6426d1c7cee97b3226eb3954ee8

SHA256
e6184fcedc277cc2c4e7e535e53e248af62042533117acc7af950a26414b2105

SHA512
c92926f3b57c22cd23b61071e67616075ef735e2d13b84d13645afee8801dd96f575ae65d8f20c6a6b57f9e8e72cec6e0f9604da682df49554d13141731d97b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31157.exe

Filesize
184KB

MD5
c9cf24ca193363a4cb5326c3aa2a1b47

SHA1
9516028191e5046eb0b70f300b51d933d76608b5

SHA256
de07132e6545c3ebd20993ead8aad483afe7680abcaa47b56bc85405eb2996cc

SHA512
75847b86d06cddd3d28cae4c2c0e79804d2aa30c9a88a7a4ed2e48075cd0ad52d69947e0f2ca90aec85cfaa9cc5bd95574f38c77723254c2d00de2dc87b4b767

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe

Filesize
184KB

MD5
2855dc70fd4808bdb1dd22a29e8aed35

SHA1
25f346ecab793c19dee70cdea83c556f26481a20

SHA256
3e828f1897a3d418887c20ff1ae0a578aa3b3755b32657f908c1a51338478ae0

SHA512
3bcd622db7e7ce33733b370c8366b1e01f6baa3a676c750e3ee47dea7730fcd465bd82a662531a018af9abe2dac2893ee3f957f407b856332a60a802336aea8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe

Filesize
184KB

MD5
73fae2080321ff301dddc2892ccb14a8

SHA1
f51d2016f3865546cadc355c6e6477c7af94ba49

SHA256
974ab2202c37fbf6ffe420079830409c4f7491434ebd6e94cd1461e8336e8dd2

SHA512
1465f67a2802cc5cbbcab5292255670be28df9a0a3d7fd48881d8e7665915afd9d72d5ec0090ee5cb4b1997ae80ad872c8ab53a6b36d1acda983aab7c64030f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe

Filesize
184KB

MD5
cc5bf888f2d435dc9ebfd5e41aae4616

SHA1
e6fcd060126f9543ea3285722d8d42e3222dc096

SHA256
7df28871feb9830a6a27c972169273d41b4730e7678d03f72d17fddb4c510bdd

SHA512
fdf9ad7cfc068468bc35b337dacefc46b7bd15c64a5bdac47d7bd8a4e3f2ef257f734209d82004920a03c415820f804317d62e627ee5353c71f82d0e604d49d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe

Filesize
184KB

MD5
d69a4de303fb23ece46aa9630915ae7e

SHA1
d98fd4c8f6f67e2a1390349c2e156a73c320ec3f

SHA256
dc8b0fd7c359309fb4644d3763e4f1eeb24da3c437584bd72e65a3940de87fc6

SHA512
667cb8e1681bb7a89be4c04f048c26af468012eff4c7abcd29670e6fb619e180eda00931640e4c5e9d9175927ca7ee9c356b2d2332fe06e75aedbf3d1d7fcecc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe

Filesize
184KB

MD5
6e664fc132c2b3ec17c79da8e676943d

SHA1
eb06c20ed2bcf24322b1c4d1b80e5d4d8d80c72b

SHA256
08a9aa30aaead712aad96cc03f68223793130d6f76c4642aee58797c548ca7c1

SHA512
47e1d3cfe2bbccdd524d553dedc4bf8375fe0e7ab5880e0f7321112a8d277a397aaa1278f51c6dea966d861fa016107eb729b63cce2039d06cf87ea710839c73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe

Filesize
184KB

MD5
d5257f2a165220845622782b70680772

SHA1
a2cf2032b8789ea882b5a81d0586015e1f72f1dd

SHA256
a4f844cee181d1eb89cc790cab9519fb30a8a3ccb4f6e530c63a4f5eb1baa5d6

SHA512
0d9599e02cbfaf5406438ce7807c8e006dccb65713b952bd3d8f75997386606538fc495022d20c309df6179fef796abf00265425beb25826360dc9285b9f5867

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe

Filesize
184KB

MD5
ca8b9ebc3050307dc6a9fa56c1c075dd

SHA1
57bf997617adf80c347e774ca8b22a0876538440

SHA256
fbcabea8f325c8bc23db79e260869e3b4a67a42f92934d51d0d800a2ab851c97

SHA512
ead4b61f380c8eae47a70249a4ee9e2a61cb08fdbd7ddfa67c658e493a4fbea68ee5351b1fa137dd9c1a108bab703fe3dc7f03922ac20c3ca826ac93afd39d31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe

Filesize
184KB

MD5
6828a4925f7f1966199113735e1445bd

SHA1
a5d9aef215ecda5d598939444766d4d81b8213c2

SHA256
e33f95d9682763ad4184a256e61abdd6733ed2bf39b70d0c59734c0cd80340c9

SHA512
6de41e120053bb74614151378c4d433d96f7a6357c4d586c16a407097c68435472299d34b8350a45a109f5d1d1ecfcfac2a25e17c8aee9c68758543442858ce4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26746.exe

Filesize
184KB

MD5
9b48843124adb2b910118dcfc52364a5

SHA1
eb134f097686c6c4089053e688f1583d56d85cc3

SHA256
a27619ed2ba92ebe7a11224b229048ea94c6caa876f0fe9c4a92db02384bf223

SHA512
df8e2333effeedda0f621b9be61e0ae2dd7cd648550b5198decc1c7962f3ee5491f499a5c6a5bcb159551925d8c43e0996fa17eefd9a3d5852ccba30884472db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe

Filesize
184KB

MD5
de42cd4eeb1a1ef99a1782e826b7f203

SHA1
d074d2e27933d383ebfd242052cf204be4321df6

SHA256
db5d77b4a9b0517df5fcfcf8154f28a3811f33bc7ed4daafa8d1f48d871b65e6

SHA512
c31f36c5001fd894aec59c3e3ae9837053a301a8ed42a381cbf47b38ba45053a2016146967c6910f67a7842b9f6b551ace913abdb28775d3751b28479e969c1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe

Filesize
184KB

MD5
74e738d890ad63ab82cf8995c5e79947

SHA1
980808d4919dfce34042ac83424f0fc62b5adceb

SHA256
5358d6b96c56ee79e56c0068e28fa3a7f03182f3ccca65bfdfba18500f1f8755

SHA512
55022d05d9d36e168942f61f378dab318d5ba3c9734f17c95013848fb4c7e136c0137a7ba9d330ac354e9e3ff89deb3cb8f535fb2a30607f839abada3d3e7fe3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe

Filesize
184KB

MD5
43b573ab2f4bbd2981a0640b1771abc9

SHA1
04ef708f82b08af8aa8782dd6a866c888a593baf

SHA256
cd9efb6042f411c2e0dff690b7ce7554d0668097ac67096400450e65c6d41348

SHA512
b19502d694c8f94d21e6764da1eb6645ddb2143598a749018694953b876e81a38ba01e1e2184e92cf7a8b8275dbd1a5bf30136e32aff22cf9b878e38cad44364

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36632.exe

Filesize
184KB

MD5
525c38c4b3e1f3c6dca0545dbbf17d6c

SHA1
8444ecd840e3b460afd24e1fb1ba26519a7510dc

SHA256
e24a30e13d5a2da6ec5295d7a3a40460ac7dd4fe11ad6d549c26defab8919ec8

SHA512
fe8e34e0123c946d5d449920b6e6dded82e1324c86999497d3a9d7bc94b0c37f8206a5fa7392711117ffb0806798168097bcbf6cc1a3e79850528e1b561cf7fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42497.exe

Filesize
184KB

MD5
888159d54f93dd455062c67b4c79031d

SHA1
5d4082740f1b0e6fd5772b60a3edb4b1d8a80540

SHA256
d908b5bb5dcf20afbaac291c3a977c0ed7e541c28b3570d18922cf5e78edad06

SHA512
bbfac2e0c12cf616b8f083098c27bea683af8c3f95746b69bbb5d5a3936911843f3666c49b877abbfa487daf4338a440e7126db965b95fc788ef5b634ae53c25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe

Filesize
184KB

MD5
0653dd4cd8ca51e8a563c394c3bec102

SHA1
d65004f5f9d6e3c5a0a749676a0db3cdd5c58a7e

SHA256
566e95348e045293415150c4bf2a205bcb88a1712242f3a983119a493da8b64b

SHA512
6214e29f1f60a55d07901df8ce7cb686410c08b28bd308ec833fa08943d65f9b868aec091fd65514bf747f945cc88ec7db878bbca908d07164d586ae78a51faa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe

Filesize
184KB

MD5
3309c49e0b709badd6c695c145d228e1

SHA1
e79c0061dfb9390efd210bd168b504cac5682472

SHA256
fcbbf3752f0f3e3a8ab008099a0a713b788622005888c6462119f75348d50a75

SHA512
7d42c62aacec1577cff6e30dec862229c94d735084c3c3511d83c0c6d42d443a7737906bbf0f880629f034c37ec14f7aa9889ec87f06342dcb80dd9f25a18641

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50483.exe

Filesize
184KB

MD5
2c1063ac259b2d2cd67b3568e6aaa901

SHA1
011f66ff8849deb55f86d2f3953de30dd5bb63aa

SHA256
7e0572cc8c764b72d76851651a41ab4a826c5686ebdc28d6a26fd6eb8c9abf19

SHA512
2ef002712f271f0461f0852bb2e6addb650a3338c6264981c9e72f85a82bce9e9ec0f8f90f8880ec2ca9f585e769cd52f77361c840f0367934b567bd15bd022e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63809.exe

Filesize
184KB

MD5
734347e1609f19b6c58dc524671311ff

SHA1
6fa2dec9fbb1cb03208735e9ce03378efb1a1353

SHA256
b879fd50337160e8e27b16208129f31d570557f85b57580b97f33dd0b5ed7e05

SHA512
49a3c04d06cc38352db5b33838a6de7e1a9407a1d899c789fbd68c850dce4a3411fb9b4383318789019a80495cb9af9518c9c06b563992d42633842d6fcfc840

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads