98bd382067f35737b4ff7abaf5e6c16bd1406a06b1f52bebc5b4cfacf9a3d221

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 07:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
Size

184KB
MD5

4b5d3487eaa1e1bd0d37ed6a6a90c180
SHA1

e4cf631e98e3700d4e0fd0bca895c3de8df21be6
SHA256

98bd382067f35737b4ff7abaf5e6c16bd1406a06b1f52bebc5b4cfacf9a3d221
SHA512

1da90b17376cf3e77faf73f047fbc82ce19fc3dd2cb043c7e5679cad23fd36e1c8147b493dbbc954eb1bdeef9f2fd230efd503379219d25d52cce571bbca6313
SSDEEP

1536:/BYp6jZHu3Y8o5x1fDeASdwd1M9yvyc81mddEqL22WQ5tvhl5hj5nizpvF:pFw3Y8ofpDetM1aWxoqL2WvvhlnViF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3004	Unicorn-34864.exe
2896	Unicorn-14713.exe
2536	Unicorn-53286.exe
2128	Unicorn-43297.exe
2424	Unicorn-63120.exe
2664	Unicorn-1112.exe
556	Unicorn-38262.exe
2372	Unicorn-58320.exe
1588	Unicorn-25456.exe
2456	Unicorn-30286.exe
2716	Unicorn-39239.exe
2320	Unicorn-43878.exe
1088	Unicorn-5497.exe
1572	Unicorn-27925.exe
1764	Unicorn-64127.exe
2976	Unicorn-47983.exe
548	Unicorn-16593.exe
1628	Unicorn-17854.exe
2988	Unicorn-46997.exe
1908	Unicorn-16977.exe
932	Unicorn-9877.exe
2332	Unicorn-63717.exe
2136	Unicorn-39020.exe
1828	Unicorn-50718.exe
1668	Unicorn-36110.exe
2808	Unicorn-65445.exe
2856	Unicorn-36816.exe
2304	Unicorn-8590.exe
2476	Unicorn-53344.exe
2680	Unicorn-25310.exe
2168	Unicorn-63816.exe
2488	Unicorn-63816.exe
2524	Unicorn-7516.exe
2624	Unicorn-7516.exe
2760	Unicorn-38845.exe
3040	Unicorn-19171.exe
2724	Unicorn-11003.exe
2076	Unicorn-31061.exe
2844	Unicorn-31061.exe
3032	Unicorn-60588.exe
1888	Unicorn-47589.exe
1304	Unicorn-11387.exe
1936	Unicorn-47610.exe
2336	Unicorn-28813.exe
824	Unicorn-40511.exe
1632	Unicorn-42431.exe
1196	Unicorn-9950.exe
2284	Unicorn-30925.exe
2768	Unicorn-8990.exe
1376	Unicorn-13821.exe
1320	Unicorn-33687.exe
1684	Unicorn-5845.exe
1428	Unicorn-37060.exe
2176	Unicorn-53588.exe
2868	Unicorn-29084.exe
2116	Unicorn-50059.exe
2352	Unicorn-16042.exe
568	Unicorn-20724.exe
1600	Unicorn-65051.exe
2888	Unicorn-36100.exe
800	Unicorn-65435.exe
2660	Unicorn-19764.exe
2676	Unicorn-11595.exe
2872	Unicorn-36484.exe

Loads dropped DLL 64 IoCs

pid	Process
1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
3004	Unicorn-34864.exe
1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
3004	Unicorn-34864.exe
1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
2896	Unicorn-14713.exe
2896	Unicorn-14713.exe
3004	Unicorn-34864.exe
3004	Unicorn-34864.exe
2536	Unicorn-53286.exe
2536	Unicorn-53286.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2536	Unicorn-53286.exe
2536	Unicorn-53286.exe
2424	Unicorn-63120.exe
2424	Unicorn-63120.exe
2128	Unicorn-43297.exe
2128	Unicorn-43297.exe
2896	Unicorn-14713.exe
2896	Unicorn-14713.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
760	WerFault.exe
1092	WerFault.exe
1092	WerFault.exe
1092	WerFault.exe
1092	WerFault.exe
1092	WerFault.exe
2372	Unicorn-58320.exe
2372	Unicorn-58320.exe
2424	Unicorn-63120.exe
2424	Unicorn-63120.exe
1588	Unicorn-25456.exe
1588	Unicorn-25456.exe
2128	Unicorn-43297.exe
2128	Unicorn-43297.exe
2456	Unicorn-30286.exe
2456	Unicorn-30286.exe
556	Unicorn-38262.exe
556	Unicorn-38262.exe
772	WerFault.exe
772	WerFault.exe
772	WerFault.exe
772	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
772	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2320	Unicorn-43878.exe
2320	Unicorn-43878.exe
1088	Unicorn-5497.exe
1088	Unicorn-5497.exe
1588	Unicorn-25456.exe
1588	Unicorn-25456.exe
2716	Unicorn-39239.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2592	1500	WerFault.exe	27
2836	3004	WerFault.exe	28
760	2896	WerFault.exe	29
1092	2536	WerFault.exe	30
772	2424	WerFault.exe	33
2924	2128	WerFault.exe	32
2104	2372	WerFault.exe	37
1212	1588	WerFault.exe	38
1388	2456	WerFault.exe	39
2864	556	WerFault.exe	36
1712	2320	WerFault.exe	43
1184	1088	WerFault.exe	44
2376	2716	WerFault.exe	42
940	1764	WerFault.exe	46
2004	1572	WerFault.exe	45
1724	2976	WerFault.exe	47
2204	548	WerFault.exe	50
1540	1628	WerFault.exe	51
2280	2988	WerFault.exe	52
2968	932	WerFault.exe	55
2252	2332	WerFault.exe	54
1716	2136	WerFault.exe	56
2508	1908	WerFault.exe	53
2452	1828	WerFault.exe	57
1068	1668	WerFault.exe	58
1176	2856	WerFault.exe	64
1996	2304	WerFault.exe	65
2140	2476	WerFault.exe	66
2820	2488	WerFault.exe	69
972	2624	WerFault.exe	70
2572	2808	WerFault.exe	59
1824	2724	WerFault.exe	76
1872	2844	WerFault.exe	78
2164	1304	WerFault.exe	81
2672	2168	WerFault.exe	68
3080	2524	WerFault.exe	71
3148	3032	WerFault.exe	79
3184	1632	WerFault.exe	91
3200	1428	WerFault.exe	98
3208	1320	WerFault.exe	96
3428	1888	WerFault.exe	80
3440	1936	WerFault.exe	87
3452	2680	WerFault.exe	67
3472	2760	WerFault.exe	73
3588	1564	WerFault.exe	120
3708	2284	WerFault.exe	93
3732	3040	WerFault.exe	75
3800	2068	WerFault.exe	122
3856	2352	WerFault.exe	103
3880	2872	WerFault.exe	109
3916	1376	WerFault.exe	95
3932	1196	WerFault.exe	92
3948	824	WerFault.exe	90
4052	2888	WerFault.exe	105
4084	1600	WerFault.exe	104
4076	2116	WerFault.exe	101
4092	2412	WerFault.exe	110
3260	2152	WerFault.exe	124
3384	912	WerFault.exe	119
3572	2076	WerFault.exe	77
3644	2336	WerFault.exe	88
3624	2768	WerFault.exe	94
3656	2868	WerFault.exe	99
3668	1684	WerFault.exe	97

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
3004	Unicorn-34864.exe
2896	Unicorn-14713.exe
2536	Unicorn-53286.exe
2128	Unicorn-43297.exe
2424	Unicorn-63120.exe
556	Unicorn-38262.exe
2372	Unicorn-58320.exe
1588	Unicorn-25456.exe
2456	Unicorn-30286.exe
2716	Unicorn-39239.exe
2320	Unicorn-43878.exe
1088	Unicorn-5497.exe
1572	Unicorn-27925.exe
2976	Unicorn-47983.exe
1764	Unicorn-64127.exe
548	Unicorn-16593.exe
1628	Unicorn-17854.exe
2988	Unicorn-46997.exe
1908	Unicorn-16977.exe
2332	Unicorn-63717.exe
932	Unicorn-9877.exe
2136	Unicorn-39020.exe
1828	Unicorn-50718.exe
1668	Unicorn-36110.exe
2808	Unicorn-65445.exe
2856	Unicorn-36816.exe
2304	Unicorn-8590.exe
2680	Unicorn-25310.exe
2476	Unicorn-53344.exe
2168	Unicorn-63816.exe
2488	Unicorn-63816.exe
2524	Unicorn-7516.exe
2624	Unicorn-7516.exe
2760	Unicorn-38845.exe
3040	Unicorn-19171.exe
2724	Unicorn-11003.exe
2844	Unicorn-31061.exe
2076	Unicorn-31061.exe
3032	Unicorn-60588.exe
1888	Unicorn-47589.exe
1304	Unicorn-11387.exe
1936	Unicorn-47610.exe
2336	Unicorn-28813.exe
824	Unicorn-40511.exe
1632	Unicorn-42431.exe
1196	Unicorn-9950.exe
2284	Unicorn-30925.exe
2768	Unicorn-8990.exe
1376	Unicorn-13821.exe
1320	Unicorn-33687.exe
1684	Unicorn-5845.exe
1428	Unicorn-37060.exe
1600	Unicorn-65051.exe
2352	Unicorn-16042.exe
2176	Unicorn-53588.exe
2116	Unicorn-50059.exe
2868	Unicorn-29084.exe
568	Unicorn-20724.exe
2888	Unicorn-36100.exe
2660	Unicorn-19764.exe
1012	Unicorn-49291.exe
800	Unicorn-65435.exe
2872	Unicorn-36484.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 3004	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 3004	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 3004	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	28
PID 1500 wrote to memory of 3004	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	28
PID 3004 wrote to memory of 2896	3004	Unicorn-34864.exe	29
PID 3004 wrote to memory of 2896	3004	Unicorn-34864.exe	29
PID 3004 wrote to memory of 2896	3004	Unicorn-34864.exe	29
PID 3004 wrote to memory of 2896	3004	Unicorn-34864.exe	29
PID 1500 wrote to memory of 2536	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	30
PID 1500 wrote to memory of 2536	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	30
PID 1500 wrote to memory of 2536	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	30
PID 1500 wrote to memory of 2536	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	30
PID 1500 wrote to memory of 2592	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	31
PID 1500 wrote to memory of 2592	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	31
PID 1500 wrote to memory of 2592	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	31
PID 1500 wrote to memory of 2592	1500	4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe	31
PID 2896 wrote to memory of 2128	2896	Unicorn-14713.exe	32
PID 2896 wrote to memory of 2128	2896	Unicorn-14713.exe	32
PID 2896 wrote to memory of 2128	2896	Unicorn-14713.exe	32
PID 2896 wrote to memory of 2128	2896	Unicorn-14713.exe	32
PID 3004 wrote to memory of 2424	3004	Unicorn-34864.exe	33
PID 3004 wrote to memory of 2424	3004	Unicorn-34864.exe	33
PID 3004 wrote to memory of 2424	3004	Unicorn-34864.exe	33
PID 3004 wrote to memory of 2424	3004	Unicorn-34864.exe	33
PID 2536 wrote to memory of 2664	2536	Unicorn-53286.exe	34
PID 2536 wrote to memory of 2664	2536	Unicorn-53286.exe	34
PID 2536 wrote to memory of 2664	2536	Unicorn-53286.exe	34
PID 2536 wrote to memory of 2664	2536	Unicorn-53286.exe	34
PID 3004 wrote to memory of 2836	3004	Unicorn-34864.exe	35
PID 3004 wrote to memory of 2836	3004	Unicorn-34864.exe	35
PID 3004 wrote to memory of 2836	3004	Unicorn-34864.exe	35
PID 3004 wrote to memory of 2836	3004	Unicorn-34864.exe	35
PID 2536 wrote to memory of 556	2536	Unicorn-53286.exe	36
PID 2536 wrote to memory of 556	2536	Unicorn-53286.exe	36
PID 2536 wrote to memory of 556	2536	Unicorn-53286.exe	36
PID 2536 wrote to memory of 556	2536	Unicorn-53286.exe	36
PID 2424 wrote to memory of 2372	2424	Unicorn-63120.exe	37
PID 2424 wrote to memory of 2372	2424	Unicorn-63120.exe	37
PID 2424 wrote to memory of 2372	2424	Unicorn-63120.exe	37
PID 2424 wrote to memory of 2372	2424	Unicorn-63120.exe	37
PID 2128 wrote to memory of 1588	2128	Unicorn-43297.exe	38
PID 2128 wrote to memory of 1588	2128	Unicorn-43297.exe	38
PID 2128 wrote to memory of 1588	2128	Unicorn-43297.exe	38
PID 2128 wrote to memory of 1588	2128	Unicorn-43297.exe	38
PID 2896 wrote to memory of 2456	2896	Unicorn-14713.exe	39
PID 2896 wrote to memory of 2456	2896	Unicorn-14713.exe	39
PID 2896 wrote to memory of 2456	2896	Unicorn-14713.exe	39
PID 2896 wrote to memory of 2456	2896	Unicorn-14713.exe	39
PID 2896 wrote to memory of 760	2896	Unicorn-14713.exe	40
PID 2896 wrote to memory of 760	2896	Unicorn-14713.exe	40
PID 2896 wrote to memory of 760	2896	Unicorn-14713.exe	40
PID 2896 wrote to memory of 760	2896	Unicorn-14713.exe	40
PID 2536 wrote to memory of 1092	2536	Unicorn-53286.exe	41
PID 2536 wrote to memory of 1092	2536	Unicorn-53286.exe	41
PID 2536 wrote to memory of 1092	2536	Unicorn-53286.exe	41
PID 2536 wrote to memory of 1092	2536	Unicorn-53286.exe	41
PID 2372 wrote to memory of 2716	2372	Unicorn-58320.exe	42
PID 2372 wrote to memory of 2716	2372	Unicorn-58320.exe	42
PID 2372 wrote to memory of 2716	2372	Unicorn-58320.exe	42
PID 2372 wrote to memory of 2716	2372	Unicorn-58320.exe	42
PID 2424 wrote to memory of 2320	2424	Unicorn-63120.exe	43
PID 2424 wrote to memory of 2320	2424	Unicorn-63120.exe	43
PID 2424 wrote to memory of 2320	2424	Unicorn-63120.exe	43
PID 2424 wrote to memory of 2320	2424	Unicorn-63120.exe	43

C:\Users\Admin\AppData\Local\Temp\4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\4b5d3487eaa1e1bd0d37ed6a6a90c180_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        10⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60986.exe
        11⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
        12⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        13⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        14⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        15⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        14⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        13⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
        12⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        11⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        10⤵
        Program crash
        
        PID:3932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        9⤵
        Program crash
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42400.exe
        9⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15127.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        11⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32755.exe
        12⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
        12⤵
        
        PID:7352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        11⤵
        
        PID:5580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
        10⤵
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        9⤵
        Program crash
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        8⤵
        Program crash
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25310.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        10⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51495.exe
        11⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        12⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        13⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
        14⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe
        15⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 236
        14⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        13⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        12⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
        11⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        10⤵
        Program crash
        
        PID:3260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        9⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19545.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        11⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64945.exe
        12⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
        13⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
        14⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
        14⤵
        
        PID:9412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
        13⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 236
        12⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
        11⤵
        
        PID:6920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
        10⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
        9⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:3452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        7⤵
        Program crash
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13975.exe
        11⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
        12⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
        13⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        14⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        15⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 216
        15⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
        14⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        13⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
        12⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
        11⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
        10⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49569.exe
        9⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        10⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        11⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61561.exe
        12⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57631.exe
        13⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        14⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 216
        14⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
        13⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
        12⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        11⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
        10⤵
        
        PID:4496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        9⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54868.exe
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41457.exe
        11⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        12⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        13⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 236
        13⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
        12⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        11⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
        10⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
        9⤵
        
        PID:3480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        Program crash
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64744.exe
        11⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        12⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
        13⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        13⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
        12⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        11⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 216
        10⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        8⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 224
        9⤵
        
        PID:3424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        8⤵
        Program crash
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        7⤵
        Program crash
        
        PID:2280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        6⤵
        Program crash
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42045.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        11⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        12⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 220
        13⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        12⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        11⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
        10⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        9⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        8⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        9⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42279.exe
        10⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        11⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33044.exe
        12⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
        13⤵
        
        PID:5940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 236
        13⤵
        
        PID:9328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        12⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        11⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        10⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 236
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49291.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        10⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        11⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        12⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 236
        12⤵
        
        PID:6036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 236
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 216
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        7⤵
        Program crash
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30921.exe
        7⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19933.exe
        8⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        9⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        11⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        12⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23017.exe
        13⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
        12⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 236
        11⤵
        
        PID:7540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
        9⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        8⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        7⤵
        Program crash
        
        PID:2164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        6⤵
        Program crash
        
        PID:2004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12683.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        11⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5536.exe
        12⤵
        
        PID:6720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        13⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46426.exe
        14⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 236
        14⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
        13⤵
        
        PID:9092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
        12⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        11⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
        10⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        9⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        8⤵
        Program crash
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28560.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
        10⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        12⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        11⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        10⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
        9⤵
        
        PID:4980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 236
        8⤵
        Program crash
        
        PID:3916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 220
        7⤵
        Program crash
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50395.exe
        9⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        10⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14249.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29526.exe
        12⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        13⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        14⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 236
        13⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        12⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
        11⤵
        
        PID:7852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        9⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        8⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57131.exe
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19107.exe
        10⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        11⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        12⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 236
        12⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 236
        11⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        9⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
        8⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        6⤵
        Program crash
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        9⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43997.exe
        11⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        12⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        13⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        13⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
        12⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
        11⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        10⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        9⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        8⤵
        Program crash
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32959.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        10⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        11⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        11⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
        7⤵
        Program crash
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
        9⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        10⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        11⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
        12⤵
        
        PID:2180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 236
        11⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
        10⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        9⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 216
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        7⤵
        Program crash
        
        PID:4076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        6⤵
        Program crash
        
        PID:1716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        5⤵
        Program crash
        
        PID:1388
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53588.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        9⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
        10⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        11⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20571.exe
        12⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
        13⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        13⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
        12⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        11⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        10⤵
        
        PID:5308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        9⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
        9⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1568.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14773.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25618.exe
        12⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        13⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
        11⤵
        
        PID:6580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        10⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
        9⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
        8⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
        7⤵
        Program crash
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34925.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        10⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        11⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        12⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        13⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 236
        13⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        12⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        8⤵
        Program crash
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
        7⤵
        Program crash
        
        PID:1824
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        6⤵
        Program crash
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        7⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64468.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        9⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14239.exe
        11⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        12⤵
        
        PID:9160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        13⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 236
        12⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
        11⤵
        
        PID:7608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
        9⤵
        
        PID:5388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
        8⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        7⤵
        Program crash
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18781.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41563.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        11⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        12⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
        11⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
        10⤵
        
        PID:7552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
        7⤵
        Program crash
        
        PID:4092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 220
        6⤵
        Program crash
        
        PID:2252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
        5⤵
        Program crash
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47610.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5677.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        10⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
        11⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        12⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        13⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        12⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        11⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        9⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        Program crash
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16940.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12957.exe
        11⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52048.exe
        12⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28689.exe
        13⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 236
        12⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
        9⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
        8⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
        7⤵
        Program crash
        
        PID:1176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45358.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3872.exe
        10⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
        11⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
        12⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32680.exe
        13⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
        12⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        10⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
        8⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64260.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
        9⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        11⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        10⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:5360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 216
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        7⤵
        Program crash
        
        PID:3644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        6⤵
        Program crash
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11455.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        8⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61229.exe
        10⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
        11⤵
        
        PID:8932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
        10⤵
        
        PID:7708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
        8⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
        7⤵
        Program crash
        
        PID:3948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        6⤵
        Program crash
        
        PID:1996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        5⤵
        Program crash
        
        PID:1712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
    3⤵
    - Executes dropped EXE
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36110.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        9⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        11⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
        12⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        12⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        11⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
        10⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 216
        9⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
        8⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        7⤵
        Program crash
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54058.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49850.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39259.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36494.exe
        12⤵
        
        PID:9368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        11⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
        8⤵
        
        PID:4360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
        7⤵
        Program crash
        
        PID:4084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
        6⤵
        Program crash
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        6⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        7⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56202.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        9⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        10⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        11⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
        12⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
        11⤵
        
        PID:5344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
        10⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        9⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        8⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 216
        7⤵
        
        PID:4372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        6⤵
        Program crash
        
        PID:3148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        5⤵
        Program crash
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31061.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41693.exe
        9⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6465.exe
        10⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
        11⤵
        
        PID:8876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44859.exe
        12⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 236
        12⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        11⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 236
        10⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        9⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        7⤵
        Program crash
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14675.exe
        6⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        7⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        8⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        9⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55156.exe
        10⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
        11⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
        12⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 236
        11⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        10⤵
        
        PID:8808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        9⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        7⤵
        
        PID:5100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
        6⤵
        Program crash
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        6⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2782.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        9⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        10⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28561.exe
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 236
        11⤵
        
        PID:2568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        8⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        7⤵
        
        PID:4488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        6⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60409.exe
        8⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        9⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        9⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
        8⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        7⤵
        
        PID:5968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        6⤵
        
        PID:4504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        5⤵
        Program crash
        
        PID:2572
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
      4⤵
      Program crash
      PID:2864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1092
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
  2⤵
  - Program crash
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe

Filesize
184KB

MD5
5cda1aa3a695ee6ebae6142303f12fc0

SHA1
f9b414d7fd3724f178f66c76d55a553004fa18a6

SHA256
ad4c37f511a4ac713e57c1eac7efc1ea6586ef9f60b99dea0c4e78bfb6fed4cf

SHA512
60bbf7e203e1f406c1a0867a6f5ff46596c85e9910ea69a75cda76d5545d46c73bb123e97f775059b73063582ed05c5fbc808c59d70af189550b04c63e709a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe

Filesize
184KB

MD5
42a521bc39264e504a56fcb3ec5f289b

SHA1
e82c1203b65f5b9a5778453febdc4baf5d5abdb4

SHA256
a987e700766ea6a504641672b28c9feab5b908bad0cdc80e006f11b5680891d8

SHA512
69dcfbfa8c81d423d61b69cdeaa69d241f7590b599333a69c6672f19556c0b105ca7d76e450e1ad854d04185f19464cd9d2641bc0c0b4190b7d7b5f130f998d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe

Filesize
184KB

MD5
ca62a1d076181be5c4ab20435d3af696

SHA1
873c4ad929a0d2a1690c30c58a6bf2badb11fba0

SHA256
cea8e91d7ec901bead100a2f74b7379e68f181d0bbcb6d901319248c9e696aa2

SHA512
95134a85df02206c9083c000972a7d8520f7fe2791a7a608b1b49a719f61bde104d1edd31b929cfad49f06b0509d85c9118018ec052acbc4a9c9dce1bcac1d79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21865.exe

Filesize
184KB

MD5
cd86918e3a8259feeaea7e77c0904641

SHA1
a5c44385f2fd13a7dde068e9ae1a0e4020f5ad75

SHA256
6de984d4ca8e0ce7c7b431d4dbc40ab2a8c1af7a0a2d396f6d9188e040d7ff42

SHA512
73072118f24a4b47ae36db328e5841f76339371af67c46fac969ec82e690633a6882f43ba4cda8a8132473a0d3a899e4faa48f3cc9f190e1df01ce17b8f57ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48146.exe

Filesize
184KB

MD5
6a5775664e116347d4bd4893016bb985

SHA1
b590562e187d7fd8fe946da02cc43fdcd95e3e02

SHA256
2283bfc7d83df81e747c2a02f760067e1b151e67a1eff7c591623d138295da95

SHA512
6edf12d70e5264db92d9c9e038190da220fcbadcd0f86bedc7bc7a3f5ba119ae998992b64e33f7bef9b433a7915f9a27232b97ec1935e2cc8311607f2ac8dc86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe

Filesize
184KB

MD5
0f9710dc9fb9efe53c708ea3c3e8bd42

SHA1
3897e744da856a5520461e6a2e2fef453f2f01a7

SHA256
5292a3919517f6ee5d9cced4d86fab393c24d26d07b8eba692a7d61997977812

SHA512
3a14b6ed78f91a5b846f1788e89e2df3f07b2713dda7d68f289e6f7e52df523a570408e50104e159c6387d5fa197a8b0b069571b4106b5c130c94309d3fb9636

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe

Filesize
184KB

MD5
70ba36e75d16441f2d955037a2daf9dd

SHA1
9af21ba13b4c41ffcb8598fac825c06cdd79b5fe

SHA256
07ef9c61accae8eac192c33c89cf4f6188b1c3d675711914d3457fcfb9c8720c

SHA512
27781466af6a742d6ad864a1ae16be8a119124c7ad33c303d65c568b91e558621d1951d50acbfd654ad83537ca16dd032a6597367bbe16455e9decfabce116f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe

Filesize
184KB

MD5
609a7148295196307afcc69f68b0faa6

SHA1
62276145236b0990c2261ad679ec7fbbda7de8fd

SHA256
2bae834b62bceeb07024d8faa3be870a372a3857277d44fb9503bdf0875414c4

SHA512
028c1e0fb4250e007efdd357c20f19dee207e6b7642a81fb6777fafe5bc029115d4bcaa069ad277702c5d53d3df3a733d9f3b977c62812d12e5688878c18c5a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe

Filesize
184KB

MD5
fb675251108f5ca46b2783161336b897

SHA1
af16b27321d00a0dbc79a54558a7569e5a044787

SHA256
abd63ce01b7cb45b4fa43a9211dc4fb76aa92b8cbda60471bb4caf891e4def8b

SHA512
06781ed3530414d16e52a53ff9906444e54d30f2600c80350f1ce48184a8ef05c7e5ab13e52f055474903c5204367248a6ddaf5c9e7bafa9fdd25ea3e9f37354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe

Filesize
184KB

MD5
02c44d7b0ff45c65a21e0c207da54935

SHA1
b6f3925a850f88c9b01a492bb72de008e68708fb

SHA256
9f8c53479dd5efe270a432c40ab4a6c3bb5262ff9b2772bdb1acec3eb5e58daa

SHA512
eadff0c38cea437e33a543e1696fca7c60f1fe8d2bad1670b5c120bdb39f51a07a8fda0d5fdb7de4edca7bc0659f78dac109bd3ba44bcb3866222493b68f8284

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe

Filesize
184KB

MD5
8e74d01758c7b6c12ddf1213d3d85c9c

SHA1
e6aeb48eae88cc87ee2d722304621dad040cef0f

SHA256
73a59294c7bed55afb1436ced3f6dfd3fdf5754b593e8c44ddc977aba3406201

SHA512
687c47e411020f032c710bc93f57cd780cf06e6a59425d6dd640a4d9c5a8a0c75d1be2b7718b4acb20fa9b614a7b17fe69b1d522627229be1d239fdabe3553c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe

Filesize
184KB

MD5
898714b7c65979a704c9ff6ed2f086c9

SHA1
83e26bb15f489ea35645c4be704348adb8fca0eb

SHA256
2ae7e4b261937163ae298d21f3975e1525b450c0ecdef2043cb443a4a7775c88

SHA512
14c4f4a45944ff9285639e4f38f1854f90b150dbb8e1daee8affc5cd561cf841df8711ad75cf7539ea6a50783132bfbd7359dd9c2107c2fc4ef2a0192fbe7235

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe

Filesize
184KB

MD5
b68359b2bd6f5752e357c1dced994a9e

SHA1
d027a5ee5f41abbab579034311e83b03ab148abc

SHA256
43bd78fe5b9e1eb06c6a276d1ce9886b4fc9f01a3b30a67984df8e92032c53bd

SHA512
3c14dafdca450754f6b8a3a305a020f3f0b8333e3996a047f8bc476c16801fca37686a91d7dfeccc4724234305e9a83cccc3632017a916e9ca5b209a171201e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe

Filesize
184KB

MD5
bde11c78af703f1fef7d07c567944455

SHA1
486ee2e071bc1b03bf1fac70d55b7913e56af2bd

SHA256
593c62314164e3aae55ac6387dc82efb87f27bbc9eb5ab1e8b3be0ae2f52eeca

SHA512
150692805fecb1ed3d513db81e8b4608bf781da869fd2309c9bc4995b3da8426301fb3e7983a523a0bd1f4d0ef2bb083ad7bed9660378e00c43489e03182c281

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe

Filesize
184KB

MD5
2d16eb5a44924c64d984ebe56335494e

SHA1
b0f2e42b9c6fe608f31d5cd4ba9cb981f51db11d

SHA256
8987ee1966dd43c1204cb2ebe5d10d58e1fb0ab45784b7c1f08bf2de60e8d16e

SHA512
de869724f7915c922f331ebbc449fafc32ed681005ae579e213b44672750fac23cb6cc0b1e7e8d6839e6992e14c9fdb3ebacf9ab92b4be881313fea35452568c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe

Filesize
184KB

MD5
e4a5e3cfb004500a031fe7d61161579d

SHA1
3e71883e6a9efa4a6c3ff3a714e2dcd3288caacd

SHA256
38de1c9df4fe5c58e87ea43c58109fffd3f95c153b1efdc356b9ee45fed78dbc

SHA512
6f2cab8bfc9532349a6fda6dbef585dfa5a69b14d648993cdd818b19eadf2e62becbbd3d4c3f4745fe027b65d73d1be9a952770a8375f0cb87cbf12ff06eed58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe

Filesize
184KB

MD5
b143a09f5bddae1f8727a19250688a06

SHA1
28dcd87ebe6e367d49d30b5ef87913a529769678

SHA256
14b741231116c3cb2e502053b0f923667b63e74afbaab29816e0c6696be14570

SHA512
c6a20f0c28883763b2a425bad825339af0510b9491a5d76cd43173e2579d5fab0d8b4309cbd03cab72121ec78162f161b6fd6ad7752d172e69ff37482c32bb40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe

Filesize
184KB

MD5
6a26cba5965351e5b2a640749deace5a

SHA1
c6323c55ee8d41de5968a97d2c93dd170a13b260

SHA256
3a0bb94f361bf40777c3ab14c704bf4ffa992a6038ff028e70d36a920631780c

SHA512
9eceae966dd613cf85f8336a14918cd653d1287019cf3714ba91edd5893f33ba8f717950846d745c8e3920037315925821a93e3603dddfb9cfd9dee1f62bc875

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63120.exe

Filesize
184KB

MD5
9bb47d6b08df76e0e0158f075b82e253

SHA1
91bc74ba99e7492d262f3999d964db51f5db1a7b

SHA256
3d18bd838f6b20647feb1be08a4da4e88818f83cf72da9b5ad698afbd3c6dc70

SHA512
fbb47eeefe567124d9d9fa89428a88ac63dfc7cd51eb7954124c4d4f7e954d166beef6266ed73d2314e98df87083d48c72163fd612d134bb063c4a2f838a2672

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads