57c4f296dd66092d1a43d75187b4baaed749e157513484a055af202a6aa26250

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 23:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
Size

184KB
MD5

1b13fb3066e41359ea33a60e0a3d5830
SHA1

5eec926e9cc9e0abfb11e995cd273e9bf8283e83
SHA256

57c4f296dd66092d1a43d75187b4baaed749e157513484a055af202a6aa26250
SHA512

1e868d0327a855aa608877c0715618be5c86fe9fb14db32b8d70e20723185dbd271b6e6e26ccf91df1987609449ba60b50ace39301b0844cdecaada3aff8cfd9
SSDEEP

3072:3RdjSEoRQKH9ICMW5gxe2gtxhlnVir4n9:3RnofyCMBeztxhlnVir4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2748	Unicorn-52892.exe
2932	Unicorn-11750.exe
2896	Unicorn-26695.exe
2644	Unicorn-46644.exe
2120	Unicorn-18610.exe
2452	Unicorn-36530.exe
392	Unicorn-6919.exe
2316	Unicorn-60204.exe
1652	Unicorn-65419.exe
1592	Unicorn-28985.exe
2572	Unicorn-16218.exe
2024	Unicorn-58725.exe
1744	Unicorn-30691.exe
1656	Unicorn-13800.exe
1308	Unicorn-17885.exe
2728	Unicorn-53058.exe
2260	Unicorn-34029.exe
792	Unicorn-38667.exe
380	Unicorn-50365.exe
2332	Unicorn-5715.exe
1684	Unicorn-24744.exe
1824	Unicorn-30028.exe
1664	Unicorn-65414.exe
896	Unicorn-34688.exe
972	Unicorn-39518.exe
2804	Unicorn-16406.exe
1760	Unicorn-624.exe
1212	Unicorn-2015.exe
880	Unicorn-2015.exe
1512	Unicorn-2015.exe
2480	Unicorn-59747.exe
2540	Unicorn-8621.exe
2536	Unicorn-43432.exe
2504	Unicorn-50209.exe
2424	UnicoÍn-46639.exe
2872	Unicorn-48263.exe
2192	Unicorn-20381.exe
2292	Unicorn-33209.exe
576	Unicorn-57713.exe
1480	Unicorn-14734.exe
2636	Unicorn-23649.exe
848	Unicorn-31263.exe
292	Unicorn-15481.exe
1092	Unicorn-35347.exe
2008	Unicorn-55767.exe
2336	Unicorn-39985.exe
2708	Unicorn-9259.exe
1748	Unicorn-16873.exe
2200	Unicorn-1091.exe
1624	Unicorn-1268.exe
1648	Unicorn-23827.exe
1668	Unicorn-3961.exe
2264	Unicorn-24381.exe
2136	UnicoÍn-36079.exe
1388	UnicoÍn-55108.exe
1944	Unicorn-60391.exe
2084	Unicorn-60391.exe
2576	Unicorn-18543.exe
1616	Unicorn-7682.exe
2676	Unicorn-43239.exe
2904	Unicorn-32248.exe
1960	Unicorn-48030.exe
2412	Unicorn-39862.exe
2688	Unicorn-65113.exe

Loads dropped DLL 64 IoCs

pid	Process
1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
2748	Unicorn-52892.exe
2748	Unicorn-52892.exe
1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
2932	Unicorn-11750.exe
2932	Unicorn-11750.exe
2748	Unicorn-52892.exe
2748	Unicorn-52892.exe
2896	Unicorn-26695.exe
2896	Unicorn-26695.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2120	Unicorn-18610.exe
2120	Unicorn-18610.exe
2644	Unicorn-46644.exe
2932	Unicorn-11750.exe
2644	Unicorn-46644.exe
2932	Unicorn-11750.exe
2452	Unicorn-36530.exe
2452	Unicorn-36530.exe
2896	Unicorn-26695.exe
2896	Unicorn-26695.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2004	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
2716	WerFault.exe
392	Unicorn-6919.exe
392	Unicorn-6919.exe
2120	Unicorn-18610.exe
2120	Unicorn-18610.exe
2572	Unicorn-16218.exe
2316	Unicorn-60204.exe
2572	Unicorn-16218.exe
2316	Unicorn-60204.exe
2644	Unicorn-46644.exe
2644	Unicorn-46644.exe
1592	Unicorn-28985.exe
1592	Unicorn-28985.exe
2452	Unicorn-36530.exe
2452	Unicorn-36530.exe
1652	Unicorn-65419.exe
1652	Unicorn-65419.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
436	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
436	WerFault.exe
3068	WerFault.exe
2020	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1132	1368	WerFault.exe	27
2836	2748	WerFault.exe	28
2004	2932	WerFault.exe	29
2716	2896	WerFault.exe	30
436	2120	WerFault.exe	33
3068	2644	WerFault.exe	32
2020	2452	WerFault.exe	34
1716	392	WerFault.exe	36
2828	2572	WerFault.exe	40
2248	2316	WerFault.exe	37
800	1592	WerFault.exe	39
2544	1652	WerFault.exe	38
596	2024	WerFault.exe	43
2964	1744	WerFault.exe	44
1376	1308	WerFault.exe	46
2140	2728	WerFault.exe	47
2344	1656	WerFault.exe	45
2100	2260	WerFault.exe	48
1000	380	WerFault.exe	50
2884	792	WerFault.exe	49
2924	2332	WerFault.exe	54
1676	1824	WerFault.exe	56
928	1760	WerFault.exe	61
1072	2480	WerFault.exe	65
1976	1664	WerFault.exe	57
2512	1512	WerFault.exe	64
2664	2540	WerFault.exe	70
2396	2536	WerFault.exe	71
2620	2804	WerFault.exe	60
2844	2504	WerFault.exe	73
1476	972	WerFault.exe	59
1184	896	WerFault.exe	58
756	2872	WerFault.exe	75
2660	2636	WerFault.exe	80
2668	848	WerFault.exe	81
2948	1684	WerFault.exe	55
2888	2200	WerFault.exe	88
3084	2424	WerFault.exe	74
3164	1480	WerFault.exe	79
3232	2008	WerFault.exe	84
3276	1748	WerFault.exe	87
3300	1092	WerFault.exe	83
3308	2576	WerFault.exe	107
3336	1388	WerFault.exe	104
3448	1668	WerFault.exe	98
3528	2136	WerFault.exe	103
3780	2336	WerFault.exe	85
3800	880	WerFault.exe	63
3812	1212	WerFault.exe	62
3828	292	WerFault.exe	82
3928	2192	WerFault.exe	76
3980	1616	WerFault.exe	108
3988	2292	WerFault.exe	77
4020	2676	WerFault.exe	109
4056	2084	WerFault.exe	106
3252	1932	WerFault.exe	128
3428	2484	WerFault.exe	131
3436	1648	WerFault.exe	97
3464	576	WerFault.exe	78
3576	828	WerFault.exe	125
3588	1532	WerFault.exe	130
3676	2708	WerFault.exe	86
3944	2216	WerFault.exe	118
3996	2928	WerFault.exe	122

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
2748	Unicorn-52892.exe
2932	Unicorn-11750.exe
2896	Unicorn-26695.exe
2644	Unicorn-46644.exe
2120	Unicorn-18610.exe
2452	Unicorn-36530.exe
392	Unicorn-6919.exe
2316	Unicorn-60204.exe
2572	Unicorn-16218.exe
1652	Unicorn-65419.exe
1592	Unicorn-28985.exe
2024	Unicorn-58725.exe
1744	Unicorn-30691.exe
1656	Unicorn-13800.exe
2728	Unicorn-53058.exe
1308	Unicorn-17885.exe
2260	Unicorn-34029.exe
792	Unicorn-38667.exe
380	Unicorn-50365.exe
2332	Unicorn-5715.exe
1684	Unicorn-24744.exe
1824	Unicorn-30028.exe
1664	Unicorn-65414.exe
896	Unicorn-34688.exe
1760	Unicorn-624.exe
972	Unicorn-39518.exe
2804	Unicorn-16406.exe
1212	Unicorn-2015.exe
1512	Unicorn-2015.exe
880	Unicorn-2015.exe
2480	Unicorn-59747.exe
2540	Unicorn-8621.exe
2536	Unicorn-43432.exe
2504	Unicorn-50209.exe
2424	UnicoÍn-46639.exe
2872	Unicorn-48263.exe
2192	Unicorn-20381.exe
2292	Unicorn-33209.exe
1480	Unicorn-14734.exe
576	Unicorn-57713.exe
292	Unicorn-15481.exe
848	Unicorn-31263.exe
2636	Unicorn-23649.exe
2336	Unicorn-39985.exe
1092	Unicorn-35347.exe
1748	Unicorn-16873.exe
2008	Unicorn-55767.exe
2708	Unicorn-9259.exe
2200	Unicorn-1091.exe
1648	Unicorn-23827.exe
2264	Unicorn-24381.exe
1668	Unicorn-3961.exe
1388	UnicoÍn-55108.exe
2136	UnicoÍn-36079.exe
2084	Unicorn-60391.exe
1944	Unicorn-60391.exe
2576	Unicorn-18543.exe
1616	Unicorn-7682.exe
2676	Unicorn-43239.exe
2904	Unicorn-32248.exe
2412	Unicorn-39862.exe
1960	Unicorn-48030.exe
2496	Unicorn-19442.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2748	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	28
PID 1368 wrote to memory of 2748	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	28
PID 1368 wrote to memory of 2748	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	28
PID 1368 wrote to memory of 2748	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	28
PID 2748 wrote to memory of 2932	2748	Unicorn-52892.exe	29
PID 2748 wrote to memory of 2932	2748	Unicorn-52892.exe	29
PID 2748 wrote to memory of 2932	2748	Unicorn-52892.exe	29
PID 2748 wrote to memory of 2932	2748	Unicorn-52892.exe	29
PID 1368 wrote to memory of 2896	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	30
PID 1368 wrote to memory of 2896	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	30
PID 1368 wrote to memory of 2896	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	30
PID 1368 wrote to memory of 2896	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	30
PID 1368 wrote to memory of 1132	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	31
PID 1368 wrote to memory of 1132	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	31
PID 1368 wrote to memory of 1132	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	31
PID 1368 wrote to memory of 1132	1368	1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe	31
PID 2932 wrote to memory of 2644	2932	Unicorn-11750.exe	32
PID 2932 wrote to memory of 2644	2932	Unicorn-11750.exe	32
PID 2932 wrote to memory of 2644	2932	Unicorn-11750.exe	32
PID 2932 wrote to memory of 2644	2932	Unicorn-11750.exe	32
PID 2748 wrote to memory of 2120	2748	Unicorn-52892.exe	33
PID 2748 wrote to memory of 2120	2748	Unicorn-52892.exe	33
PID 2748 wrote to memory of 2120	2748	Unicorn-52892.exe	33
PID 2748 wrote to memory of 2120	2748	Unicorn-52892.exe	33
PID 2896 wrote to memory of 2452	2896	Unicorn-26695.exe	34
PID 2896 wrote to memory of 2452	2896	Unicorn-26695.exe	34
PID 2896 wrote to memory of 2452	2896	Unicorn-26695.exe	34
PID 2896 wrote to memory of 2452	2896	Unicorn-26695.exe	34
PID 2748 wrote to memory of 2836	2748	Unicorn-52892.exe	35
PID 2748 wrote to memory of 2836	2748	Unicorn-52892.exe	35
PID 2748 wrote to memory of 2836	2748	Unicorn-52892.exe	35
PID 2748 wrote to memory of 2836	2748	Unicorn-52892.exe	35
PID 2120 wrote to memory of 392	2120	Unicorn-18610.exe	36
PID 2120 wrote to memory of 392	2120	Unicorn-18610.exe	36
PID 2120 wrote to memory of 392	2120	Unicorn-18610.exe	36
PID 2120 wrote to memory of 392	2120	Unicorn-18610.exe	36
PID 2644 wrote to memory of 2316	2644	Unicorn-46644.exe	37
PID 2644 wrote to memory of 2316	2644	Unicorn-46644.exe	37
PID 2644 wrote to memory of 2316	2644	Unicorn-46644.exe	37
PID 2644 wrote to memory of 2316	2644	Unicorn-46644.exe	37
PID 2932 wrote to memory of 1652	2932	Unicorn-11750.exe	38
PID 2932 wrote to memory of 1652	2932	Unicorn-11750.exe	38
PID 2932 wrote to memory of 1652	2932	Unicorn-11750.exe	38
PID 2932 wrote to memory of 1652	2932	Unicorn-11750.exe	38
PID 2452 wrote to memory of 1592	2452	Unicorn-36530.exe	39
PID 2452 wrote to memory of 1592	2452	Unicorn-36530.exe	39
PID 2452 wrote to memory of 1592	2452	Unicorn-36530.exe	39
PID 2452 wrote to memory of 1592	2452	Unicorn-36530.exe	39
PID 2896 wrote to memory of 2572	2896	Unicorn-26695.exe	40
PID 2896 wrote to memory of 2572	2896	Unicorn-26695.exe	40
PID 2896 wrote to memory of 2572	2896	Unicorn-26695.exe	40
PID 2896 wrote to memory of 2572	2896	Unicorn-26695.exe	40
PID 2932 wrote to memory of 2004	2932	Unicorn-11750.exe	41
PID 2932 wrote to memory of 2004	2932	Unicorn-11750.exe	41
PID 2932 wrote to memory of 2004	2932	Unicorn-11750.exe	41
PID 2932 wrote to memory of 2004	2932	Unicorn-11750.exe	41
PID 2896 wrote to memory of 2716	2896	Unicorn-26695.exe	42
PID 2896 wrote to memory of 2716	2896	Unicorn-26695.exe	42
PID 2896 wrote to memory of 2716	2896	Unicorn-26695.exe	42
PID 2896 wrote to memory of 2716	2896	Unicorn-26695.exe	42
PID 392 wrote to memory of 2024	392	Unicorn-6919.exe	43
PID 392 wrote to memory of 2024	392	Unicorn-6919.exe	43
PID 392 wrote to memory of 2024	392	Unicorn-6919.exe	43
PID 392 wrote to memory of 2024	392	Unicorn-6919.exe	43

C:\Users\Admin\AppData\Local\Temp\1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\1b13fb3066e41359ea33a60e0a3d5830_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52498.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
        11⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
        12⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
        13⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        14⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
        15⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
        15⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        14⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
        13⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        12⤵
        
        PID:5252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
        11⤵
        
        PID:4156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        10⤵
        Program crash
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41459.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        10⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        12⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61562.exe
        13⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        14⤵
        
        PID:9384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
        13⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        12⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        11⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        10⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        9⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        10⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        11⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5669.exe
        12⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
        13⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63285.exe
        14⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
        14⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 236
        13⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
        12⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        11⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        10⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        9⤵
        Program crash
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
        8⤵
        Program crash
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
        11⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
        12⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        13⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        14⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe
        14⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 220
        14⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 236
        13⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        12⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        11⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        10⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        9⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        8⤵
        Program crash
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        7⤵
        Program crash
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48414.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        9⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40096.exe
        11⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        12⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
        13⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        13⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
        12⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        11⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
        10⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        9⤵
        
        PID:4912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
        8⤵
        Program crash
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        9⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        9⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        8⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        7⤵
        Program crash
        
        PID:1476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
        6⤵
        Program crash
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25192.exe
        11⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        12⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        13⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 236
        13⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 236
        12⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
        11⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
        10⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        10⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        12⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        13⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        13⤵
        
        PID:9496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 236
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
        11⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        10⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 216
        9⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        8⤵
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        7⤵
        Program crash
        
        PID:1184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        6⤵
        Program crash
        
        PID:2140
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13359.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        11⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12174.exe
        12⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        13⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
        13⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 236
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        11⤵
        
        PID:6248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        9⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
        8⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
        7⤵
        Executes dropped EXE
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17164.exe
        9⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        10⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23625.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
        12⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        13⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        11⤵
        
        PID:7952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        8⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
        7⤵
        Program crash
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9130.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65508.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        11⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
        12⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        11⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        9⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
        8⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
        7⤵
        Program crash
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 220
        6⤵
        Program crash
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        8⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46375.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        12⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
        13⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
        12⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
        11⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        8⤵
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        Program crash
        
        PID:3308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
        6⤵
        Program crash
        
        PID:1072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        5⤵
        Program crash
        
        PID:2544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1268.exe
        8⤵
        Executes dropped EXE
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20293.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
        10⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        11⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        12⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        13⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
        14⤵
        
        PID:9320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
        13⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        12⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        11⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
        10⤵
        
        PID:4324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        9⤵
        Program crash
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
        8⤵
        Program crash
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3961.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        11⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
        12⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        13⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 236
        13⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
        12⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
        11⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        10⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
        9⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        8⤵
        Program crash
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        7⤵
        Program crash
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65321.exe
        9⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39634.exe
        10⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30750.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        12⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        13⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        13⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
        10⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        9⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
        8⤵
        Program crash
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        7⤵
        Program crash
        
        PID:2844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        9⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
        10⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
        11⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
        12⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        13⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 236
        13⤵
        
        PID:9628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 236
        12⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 236
        11⤵
        
        PID:7576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
        9⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        8⤵
        Program crash
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        7⤵
        Program crash
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37667.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe
        9⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
        11⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        12⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
        12⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
        10⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        9⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        8⤵
        
        PID:5256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        7⤵
        
        PID:3904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        6⤵
        Program crash
        
        PID:2948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 240
        5⤵
        Program crash
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\UnicoÍn-46639.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-46639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-36079.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-36079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-14371.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-14371.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-25420.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-25420.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-48741.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-21492.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-21492.exe
        11⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-32211.exe
        12⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-26700.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-26700.exe
        13⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 236
        13⤵
        
        PID:4608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 236
        12⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
        9⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        8⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-25232.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-25232.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-17060.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-17060.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-50303.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-17024.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-17024.exe
        10⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-55838.exe
        11⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-28454.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-28454.exe
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 236
        12⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 236
        11⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        10⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
        9⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
        8⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        7⤵
        Program crash
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\UnicoÍn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-55108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-32270.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-32270.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-25913.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-25913.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-2581.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-61289.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-61289.exe
        10⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-7480.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-7480.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-12745.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-12745.exe
        12⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-48973.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-48973.exe
        13⤵
        
        PID:9452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        11⤵
        
        PID:7832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
        10⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        9⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
        8⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 236
        7⤵
        Program crash
        
        PID:3336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        6⤵
        Program crash
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24953.exe
        7⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        9⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31601.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4530.exe
        11⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        12⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
        10⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
        9⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        8⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        7⤵
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        6⤵
        Program crash
        
        PID:756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        5⤵
        Program crash
        
        PID:2964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52254.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
        11⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
        12⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38568.exe
        13⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
        13⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
        12⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        11⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
        10⤵
        
        PID:5696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        8⤵
        Program crash
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
        8⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
        11⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        12⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
        11⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
        9⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 216
        8⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
        7⤵
        Program crash
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        7⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21445.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14361.exe
        10⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58762.exe
        11⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        12⤵
        
        PID:7288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
        13⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
        13⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        11⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        9⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
        8⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        7⤵
        Program crash
        
        PID:2888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        6⤵
        Program crash
        
        PID:2100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
        5⤵
        Program crash
        
        PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54252.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57236.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57205.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13702.exe
        11⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        12⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
        13⤵
        
        PID:9592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
        12⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
        11⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
        8⤵
        Program crash
        
        PID:3944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        7⤵
        Program crash
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58699.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34403.exe
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20729.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
        9⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12750.exe
        10⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 236
        11⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 236
        10⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 236
        9⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        8⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        7⤵
        
        PID:4836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        6⤵
        Program crash
        
        PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        7⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20392.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15399.exe
        9⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
        10⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40296.exe
        11⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 236
        11⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 236
        10⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
        9⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
        8⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
        7⤵
        
        PID:4664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
        6⤵
        Program crash
        
        PID:3828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 220
        5⤵
        Program crash
        
        PID:2884
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32213.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        10⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        11⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        12⤵
        
        PID:8376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        13⤵
        
        PID:9548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 236
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        10⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
        8⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
        7⤵
        Program crash
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        8⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37387.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18306.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
        12⤵
        
        PID:1556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 236
        12⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
        11⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
        9⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        8⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
        7⤵
        Program crash
        
        PID:3996
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
        6⤵
        Program crash
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        6⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
        9⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        10⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        11⤵
        
        PID:7892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58817.exe
        12⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 236
        12⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
        10⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        9⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
        7⤵
        Program crash
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        6⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
        7⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        8⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        9⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        10⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        11⤵
        
        PID:9540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 236
        10⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
        9⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        8⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        7⤵
        
        PID:4772
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        6⤵
        Program crash
        
        PID:3676
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        5⤵
        Program crash
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9898.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        10⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41230.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5148.exe
        12⤵
        
        PID:4236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        12⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        11⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        10⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        8⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        6⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        8⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        9⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44043.exe
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
        11⤵
        
        PID:5284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
        10⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        9⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        8⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 216
        7⤵
        
        PID:4984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        6⤵
        Program crash
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42576.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53069.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49172.exe
        8⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
        10⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11754.exe
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 236
        11⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        10⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        8⤵
        
        PID:5136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        7⤵
        
        PID:5076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        6⤵
        Program crash
        
        PID:4020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        5⤵
        Program crash
        
        PID:928
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
      4⤵
      Program crash
      PID:2828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
  2⤵
  - Program crash
  PID:1132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16092.exe

Filesize
184KB

MD5
1f17ca6dfc566908b518fd1dd32ada16

SHA1
ddeef99928b2f223e97595d6dd9cce5b42e0c104

SHA256
1bb3640cbfdf7041635565cfbd290616b71113cf35e3b4030129e8f8abc8e16d

SHA512
29a3137cfa24ea3f192cb8a95f302fda894e98126249aa840dcd177ce88d9568c6144f696114385ff30df907c10441770e9eadefb55a0e02381649c3ea320e9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16218.exe

Filesize
184KB

MD5
18a90f74121b2b69cf9d32642eb837a7

SHA1
2df22632d7610317e8ba1ebc7f4a643aac599543

SHA256
28f80c6efbf6cc9ced751f0ff676d7b4cbbdf4e1585ca6bf714fe422fd5325a5

SHA512
249d90843ede7bfc2af3d639d32b2d4d7a6845fe249e979459cbfcf21adf4e9f4bf2522911c0bc074592ca262408004a6d52dbab9d3c3a5e56a33c27e2249eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe

Filesize
184KB

MD5
00835da01de5bca7cd88961a0478bd49

SHA1
c3756af17fcfacfb8bb5b83cf9f44e4cf8069f77

SHA256
2611cf6b6116c0b7dc5dd37c116ca4d6dc7989ff018850e7fc2e71f55335235b

SHA512
36db395d20e8f6cc56275001d8b7bfd2115effaed75431ec1c87e2aaaf3ae96653efb0065b9f209b60069ec5b3c7966094ec87b07789704a19887e3d0b98a91b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe

Filesize
184KB

MD5
843cd8e16eec1341531784ff885f4623

SHA1
06dcf4a193be441ca5e430530591ac537bd898ec

SHA256
210e576942397d39c6d49dfa8eed4d6ae7e0a6513c5e900a8085078910b77ec9

SHA512
648592418138e29f07d36426a7e21632ef20b03c648e09ab3dce73b88de641b5c2cff150b3f41d3270f04e81794ef9c15f3e3815a31a153b02d2d44f78f4f3da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28985.exe

Filesize
184KB

MD5
ed83d26bb47702b906e45ead2b385417

SHA1
a642ed0ce9cde961a143656216490546e9604edf

SHA256
ae52b14cf44119bf2ff9d2cc1658c3c3112573806faa9915902e20609618e082

SHA512
e730c7e4283a48d4830ecd576571f0bed79d97369aab7720df277a10db62553fe8932ff6429ed76c7cdd490cffcf73827b36049329079a63b01992b2c8e5a789

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe

Filesize
184KB

MD5
a860a20bff0e235a9b942fc4719dca19

SHA1
8cfad11b10bd8628702b2f508fce93495fd43c55

SHA256
0ba8d3da828935e632e419649ced0c594092f9587086b05c1d47446857e57246

SHA512
8925cd9985a4434598db256fb4ad313d4ff5c042eead93fb6decf56ab1fea79e0289bd63a0f64afb9836991688296fd85d2185d24341c0e8100404c279229137

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe

Filesize
184KB

MD5
27d0ee57db5c24fa53db60b3ad7bb8b2

SHA1
0cf2f5896cbd752bf9ba7f77678438d25f79cc25

SHA256
cc248aee268cac64a6bd4a685b29930cc4f0ee592a2307df2dddab515acd5076

SHA512
ebc78db1aa60e0280e6bfea7ceeaf35224210af9186ee7858f3ad348fdb1284a7d47b916de241d675dea1ff58a53d6b244415daf1994c53569721f9fee388760

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe

Filesize
184KB

MD5
267735fb719767da5cd9acc6da32a2b0

SHA1
67a40a6154a613b9a54a8a089fa0c8a7c721038a

SHA256
80bde73d02520ea0a80f54c0c006de18045600fb003585b77fc0a888b45202d8

SHA512
0aaca8a9cb02eaac136313b8f8cfdd3a1f5a6ed8a12a5779409bead23d9c0ddea84203c7a97cc8ca60132020a9191a25433f8703918cb62814a9b395de143b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5482.exe

Filesize
184KB

MD5
fb0bb43a9cf095aa1265611f4f72dbcf

SHA1
ed4cdd6f21ffbe3bf25320430bf8dda026f6f14a

SHA256
b79168f724954a873b5c52979b09dafd55ee8261d4e466670ea7b6ff56016f17

SHA512
b24020b46451128b49bac5cb97ef288ba33a0b8175943728ee694787597728fad039d0050b660a2c3ace02f2128d3a81127f1f9e36db479fde108f72b01ade65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe

Filesize
184KB

MD5
e6d427036f3c7f01c14da747a8a84a15

SHA1
dadbd5824f4231ed8c5fda35e4732f6ddc550098

SHA256
41df6183c43a3e4350d33a6389e1ffa4caa598bac296dac285b2b5ae95463c3c

SHA512
814a4b41be61fc3af8eb8057cca4bf6f5298b868214aecbd75a72c117c05cc6f6ad1de13642f6492b2822ee6ad5dc7f1fac681c3d0d7e5a7767269bf060aebce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe

Filesize
184KB

MD5
cca2abc4ef093d056612ea3faea1ead1

SHA1
aaae55d8152fcafe50c2c3c0bfedab1349a527ff

SHA256
f89f7f77bb64126007c4581be5153f91c597ec59e0cc405f60a03b942a3a9963

SHA512
6002fdc47f2865880023e12463d0bb3b4c1ee7cd9b777a03a51d82d4cfa95d0f983fc321752c67dc1a63658789dd7a5b86809442f711417d5d7c21d08c9f8220

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe

Filesize
184KB

MD5
778844b7bf7f14c50e1a3208a8f45ace

SHA1
02f9209faf08601b993c33dd9305b66fff61725f

SHA256
e9c8c8f7db6334b4dd5122e3685ab2e565a4b82cc322aa1d6674ca040b95cac1

SHA512
0a0549c29060a9d097722fdafae0ef9704b8a7771a9c0ada157b33a8b30b53c2ceabb570cee99e0d4240687f034f42db21f4ac221e16e41debfe1008ec303c95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe

Filesize
184KB

MD5
99c56db15e649464830581aac22c22d8

SHA1
e8a93d07d57d46ba0ecc059b36d93a7a165350bb

SHA256
da50d8bffea2610d321a974a620bf3828864b926e80924562d1d327ba71c7b4d

SHA512
8c0e39602ad500e517f0d63d2468618799cd12bc5ea5a63ab11969c1682af0a59207dcf8ee22f35549c1df5f7263c829429661a7ada916081e07ef8cab58b04a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe

Filesize
184KB

MD5
02830d03d9831a4d928aa3d9511c82e3

SHA1
d0e0a89ad50be81a27cdc06bcaf796ac7cc0ba8b

SHA256
2abf10900f7999580a527c9b39b20dd2555608c8f8c7e4f406a149f2cafc07a5

SHA512
75bf8dc5849aecb0f24923507b1aabb2f66b3681376ce5d0948eff9b20c2d6f5b6c179cbb95297ea274408e5fb6719174678777c89f9c57c6b00ee25139cbe06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe

Filesize
184KB

MD5
7d7273ba9b8f922f634a9b92acbe7b2b

SHA1
19454b96c0dba16af43070e927e538566710affa

SHA256
9bb372d55d2bbd92feb9d376830e13508fe1d244beadf2d511144b066574ab73

SHA512
de5cb1116b708c46f5587272a26c33ba480d64631c0dd0a71d6b2ed89f9eedcb4b680362e2ac383bff9f711e7d274ffaf44558005e35e770ef53bac48b0f14f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe

Filesize
184KB

MD5
ea99468c5974912724a9f76dff4f76a2

SHA1
1d8b7c5af194b9428aeabbfdfde334376a1baf84

SHA256
ca2fc9641b8cc04e53a4b1dcd9841f3db67ca445bf5e65cea3cb1d116593877a

SHA512
d3ee8b258246808bbfed888bb0992388125428e705dd37d4a4dff33078a4c2e580ddf06020e7b43a1ed2b4ef9b25fe0069fbe97d01b387e9e56d7a0cd53cf8c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46644.exe

Filesize
184KB

MD5
503e5ca16cf280353e8fdb6404fde6a3

SHA1
3cbece9fc93dafbfc3457a42e50752a4b9a202fb

SHA256
e5eadec165e052ec62e57dbfd91bf4eeebe8471e318222adbf936002db822a77

SHA512
4fdb8cb0b2c3c5d6b22a49eb3984dfbb5b4411a7ab1c74d24837957a26e14fbac3760755a064dec5ff03fd43582e84ad0992b59f5917eef682b79732c6265d93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe

Filesize
184KB

MD5
07f4e88e0be5e9afda1c791b45f06536

SHA1
55ad6f7a0c964825c646923e82b4e5a631891b4e

SHA256
a0dadb23f8100be946b3a0e1c580f73903afe1b2d1fcc9e616fae67220a59888

SHA512
106a88f8297aefbc8c5769b03883629dabfa82d933bed7e7b294d4ed06b8e19660d8b60e606ff8d6a5d5a6dbda376a088c8aa95f1bb5220005e80f2c29f8bcb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe

Filesize
184KB

MD5
a4cd15b826b522259d0966e4b89b5766

SHA1
2826ad513ece9b47acbf135bb08f6a976fc6c0d8

SHA256
5d993191664c4e9d16848257d542ae05c36b6dfbc1ce061e13199c4ffd20d60e

SHA512
62be3cc5cba9773c7b03e6dd77683d028ef4fedfaf08214cfc1e13e8a765b31ed87b0d008f95523b4300c292d49b488f55a721c2d778e0f0094c22fa5d373240

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60204.exe

Filesize
184KB

MD5
a07ef006fa2d3821f56f603ead775cc6

SHA1
f1fb2c2e65b1013142f14e65153c01028ee8a5af

SHA256
0d9f17895974bc38db74c7bfea29dd8c7abab4c5f9c75875e69e63f89f861f77

SHA512
37de1e6b7775b657cf1462bec1627ea82a66b0274350a382f6fdd7d4bcc89bc619808acb2a6da7aa03a8f3129923dec39d873eeada64c0e25203332ef5e50a4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe

Filesize
184KB

MD5
1417de6013f7162ede7f04e5a0c02c9d

SHA1
6c20e2f6ed9be87ecc292da2781ca29528b0523c

SHA256
02eb465e35cb7fe640d4e79b03be6eae0dfba7f8276df8279521e1b084195a08

SHA512
8a16912a9adb112ad8b54bb8426efb8d9c1531c6f68cb466ac431faaa6586630ac8dbeb8fa596a258669d0d2d075d16dd290bb66151df61bf0a298ae7349e6fa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads