c9304f24a903b6302e9ae88a2a70d777e6d329fc10a0697406d3b258c464dbcf

Analysis

max time kernel
147s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58ae431e9e62c78ab5d4b9385ddbb3ce.exe
Size

184KB
MD5

58ae431e9e62c78ab5d4b9385ddbb3ce
SHA1

86818847c2f9bda3e9e834b71fbef0eb0d3d8d9c
SHA256

c9304f24a903b6302e9ae88a2a70d777e6d329fc10a0697406d3b258c464dbcf
SHA512

93f7b878670b019eaf1a1018e156135f18106b42010df441a84f49740902e4ec1ad56b66702d2d438d2f5523f523a60b72fe2132ae698e47c97812b7413460b8
SSDEEP

3072:y2oKoW2BPxf0nOjLM3+z1J0LQI0MW67A8Kx2zPIHRNlevpFd:y2xoPZ0n8MOz1JFk7qNlevpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1468	Unicorn-59453.exe
3040	Unicorn-52520.exe
2140	Unicorn-4066.exe
2604	Unicorn-4554.exe
2640	Unicorn-25721.exe
2244	Unicorn-45587.exe
2476	Unicorn-9837.exe
1220	Unicorn-50870.exe
1928	Unicorn-31004.exe
2356	Unicorn-18560.exe
1268	Unicorn-34342.exe
2972	Unicorn-18364.exe
2132	Unicorn-47507.exe
2336	Unicorn-10003.exe
1124	Unicorn-31170.exe
112	Unicorn-46760.exe
2664	Unicorn-22256.exe
1400	Unicorn-7263.exe
412	Unicorn-32514.exe
1688	Unicorn-64679.exe
1244	Unicorn-28285.exe
1952	Unicorn-23647.exe
2436	Unicorn-11202.exe
2916	Unicorn-65042.exe
2200	Unicorn-56319.exe
2412	Unicorn-33159.exe
2928	Unicorn-62302.exe
1080	Unicorn-57663.exe
2168	Unicorn-45966.exe
1752	Unicorn-41135.exe
2144	Unicorn-4933.exe
2612	Unicorn-33050.exe
2760	Unicorn-24882.exe
2484	Unicorn-5016.exe
2824	Unicorn-53470.exe
1448	Unicorn-6360.exe
1580	Unicorn-1529.exe
616	Unicorn-30118.exe
2308	Unicorn-63537.exe
1656	Unicorn-13589.exe
776	Unicorn-21758.exe
1872	Unicorn-42732.exe
1324	Unicorn-34564.exe
1144	Unicorn-29734.exe
2364	Unicorn-36833.exe
2432	Unicorn-6059.exe
2892	Unicorn-25925.exe
876	Unicorn-25925.exe
2320	Unicorn-5867.exe
1728	Unicorn-1612.exe
1744	Unicorn-38923.exe
2236	Unicorn-42453.exe
2380	Unicorn-25048.exe
2648	Unicorn-31030.exe
2232	Unicorn-50896.exe
1892	Unicorn-63703.exe
1760	Unicorn-1503.exe
596	Unicorn-50704.exe
1332	Unicorn-51067.exe
608	Unicorn-55151.exe
2088	Unicorn-51820.exe
2448	Unicorn-27124.exe
1196	Unicorn-11150.exe
2016	Unicorn-31016.exe

Loads dropped DLL 64 IoCs

pid	Process
2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe
2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe
1468	Unicorn-59453.exe
2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe
1468	Unicorn-59453.exe
2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe
3040	Unicorn-52520.exe
3040	Unicorn-52520.exe
1468	Unicorn-59453.exe
1468	Unicorn-59453.exe
2140	Unicorn-4066.exe
2140	Unicorn-4066.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2776	WerFault.exe
2604	Unicorn-4554.exe
2604	Unicorn-4554.exe
2640	Unicorn-25721.exe
2640	Unicorn-25721.exe
3040	Unicorn-52520.exe
3040	Unicorn-52520.exe
2140	Unicorn-4066.exe
2244	Unicorn-45587.exe
2140	Unicorn-4066.exe
2244	Unicorn-45587.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
2476	Unicorn-9837.exe
2476	Unicorn-9837.exe
2604	Unicorn-4554.exe
2604	Unicorn-4554.exe
1220	Unicorn-50870.exe
1220	Unicorn-50870.exe
2640	Unicorn-25721.exe
2640	Unicorn-25721.exe
1928	Unicorn-31004.exe
1928	Unicorn-31004.exe
2356	Unicorn-18560.exe
2356	Unicorn-18560.exe
1268	Unicorn-34342.exe
1268	Unicorn-34342.exe
2244	Unicorn-45587.exe
2244	Unicorn-45587.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
2748	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1620	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2684	2044	WerFault.exe	15
2776	1468	WerFault.exe	28
2748	412	WerFault.exe	45
1524	2140	WerFault.exe	30
1896	3040	WerFault.exe	29
1976	2604	WerFault.exe	32
1620	2640	WerFault.exe	33
2944	2476	WerFault.exe	40
2592	1220	WerFault.exe	39
2732	2356	WerFault.exe	37
2204	1928	WerFault.exe	38
764	1268	WerFault.exe	36
2408	2972	WerFault.exe	49
1512	2132	WerFault.exe	48
1472	1124	WerFault.exe	41
2384	1400	WerFault.exe	44
2772	112	WerFault.exe	42
2520	2664	WerFault.exe	43
864	2336	WerFault.exe	46
1088	2244	WerFault.exe	34
760	1244	WerFault.exe	55
2968	2916	WerFault.exe	58
2844	1324	WerFault.exe	82
2116	2928	WerFault.exe	61
2220	2168	WerFault.exe	63
2804	1688	WerFault.exe	54
3212	2200	WerFault.exe	59
3280	1952	WerFault.exe	56
3332	2484	WerFault.exe	69
3612	1580	WerFault.exe	75
3708	2432	WerFault.exe	87
3828	2320	WerFault.exe	88
3820	2364	WerFault.exe	84
3936	1752	WerFault.exe	62
4016	1872	WerFault.exe	81
4052	2760	WerFault.exe	70
1072	1144	WerFault.exe	83
3120	2236	WerFault.exe	95
3180	2144	WerFault.exe	65
3248	876	WerFault.exe	85
3296	2308	WerFault.exe	78
3380	1656	WerFault.exe	79
3528	2892	WerFault.exe	86
3628	1080	WerFault.exe	64
3744	1728	WerFault.exe	90
3780	776	WerFault.exe	80
3980	2436	WerFault.exe	57
3676	2412	WerFault.exe	60
3852	2612	WerFault.exe	67
4220	1332	WerFault.exe	106
4340	2648	WerFault.exe	100
4636	1744	WerFault.exe	93
4672	1044	WerFault.exe	111
4852	1892	WerFault.exe	101
4888	616	WerFault.exe	77
4948	596	WerFault.exe	104
5016	1448	WerFault.exe	76
5008	1196	WerFault.exe	110
5068	2824	WerFault.exe	71
5092	608	WerFault.exe	105
4128	2572	WerFault.exe	113
4312	1760	WerFault.exe	102
4408	2380	WerFault.exe	94
4476	940	WerFault.exe	116

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe
1468	Unicorn-59453.exe
3040	Unicorn-52520.exe
2140	Unicorn-4066.exe
2640	Unicorn-25721.exe
2604	Unicorn-4554.exe
2244	Unicorn-45587.exe
2476	Unicorn-9837.exe
1220	Unicorn-50870.exe
1928	Unicorn-31004.exe
1268	Unicorn-34342.exe
2356	Unicorn-18560.exe
2972	Unicorn-18364.exe
2132	Unicorn-47507.exe
2336	Unicorn-10003.exe
1124	Unicorn-31170.exe
112	Unicorn-46760.exe
2664	Unicorn-22256.exe
1400	Unicorn-7263.exe
412	Unicorn-32514.exe
1688	Unicorn-64679.exe
1244	Unicorn-28285.exe
1952	Unicorn-23647.exe
2436	Unicorn-11202.exe
2916	Unicorn-65042.exe
2200	Unicorn-56319.exe
2412	Unicorn-33159.exe
2928	Unicorn-62302.exe
1080	Unicorn-57663.exe
1752	Unicorn-41135.exe
2168	Unicorn-45966.exe
2144	Unicorn-4933.exe
2612	Unicorn-33050.exe
2484	Unicorn-5016.exe
2760	Unicorn-24882.exe
2824	Unicorn-53470.exe
1448	Unicorn-6360.exe
1580	Unicorn-1529.exe
616	Unicorn-30118.exe
2308	Unicorn-63537.exe
1656	Unicorn-13589.exe
776	Unicorn-21758.exe
1872	Unicorn-42732.exe
1324	Unicorn-34564.exe
1144	Unicorn-29734.exe
2364	Unicorn-36833.exe
876	Unicorn-25925.exe
2892	Unicorn-25925.exe
2432	Unicorn-6059.exe
2320	Unicorn-5867.exe
1728	Unicorn-1612.exe
1744	Unicorn-38923.exe
2380	Unicorn-25048.exe
2236	Unicorn-42453.exe
2648	Unicorn-31030.exe
2232	Unicorn-50896.exe
1892	Unicorn-63703.exe
1760	Unicorn-1503.exe
596	Unicorn-50704.exe
1332	Unicorn-51067.exe
608	Unicorn-55151.exe
2088	Unicorn-51820.exe
2448	Unicorn-27124.exe
1196	Unicorn-11150.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1468	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	28
PID 2044 wrote to memory of 1468	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	28
PID 2044 wrote to memory of 1468	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	28
PID 2044 wrote to memory of 1468	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	28
PID 1468 wrote to memory of 3040	1468	Unicorn-59453.exe	29
PID 1468 wrote to memory of 3040	1468	Unicorn-59453.exe	29
PID 1468 wrote to memory of 3040	1468	Unicorn-59453.exe	29
PID 1468 wrote to memory of 3040	1468	Unicorn-59453.exe	29
PID 2044 wrote to memory of 2140	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	30
PID 2044 wrote to memory of 2140	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	30
PID 2044 wrote to memory of 2140	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	30
PID 2044 wrote to memory of 2140	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	30
PID 2044 wrote to memory of 2684	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	31
PID 2044 wrote to memory of 2684	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	31
PID 2044 wrote to memory of 2684	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	31
PID 2044 wrote to memory of 2684	2044	58ae431e9e62c78ab5d4b9385ddbb3ce.exe	31
PID 3040 wrote to memory of 2604	3040	Unicorn-52520.exe	32
PID 3040 wrote to memory of 2604	3040	Unicorn-52520.exe	32
PID 3040 wrote to memory of 2604	3040	Unicorn-52520.exe	32
PID 3040 wrote to memory of 2604	3040	Unicorn-52520.exe	32
PID 1468 wrote to memory of 2640	1468	Unicorn-59453.exe	33
PID 1468 wrote to memory of 2640	1468	Unicorn-59453.exe	33
PID 1468 wrote to memory of 2640	1468	Unicorn-59453.exe	33
PID 1468 wrote to memory of 2640	1468	Unicorn-59453.exe	33
PID 2140 wrote to memory of 2244	2140	Unicorn-4066.exe	34
PID 2140 wrote to memory of 2244	2140	Unicorn-4066.exe	34
PID 2140 wrote to memory of 2244	2140	Unicorn-4066.exe	34
PID 2140 wrote to memory of 2244	2140	Unicorn-4066.exe	34
PID 1468 wrote to memory of 2776	1468	Unicorn-59453.exe	35
PID 1468 wrote to memory of 2776	1468	Unicorn-59453.exe	35
PID 1468 wrote to memory of 2776	1468	Unicorn-59453.exe	35
PID 1468 wrote to memory of 2776	1468	Unicorn-59453.exe	35
PID 2604 wrote to memory of 2476	2604	Unicorn-4554.exe	40
PID 2604 wrote to memory of 2476	2604	Unicorn-4554.exe	40
PID 2604 wrote to memory of 2476	2604	Unicorn-4554.exe	40
PID 2604 wrote to memory of 2476	2604	Unicorn-4554.exe	40
PID 2640 wrote to memory of 1220	2640	Unicorn-25721.exe	39
PID 2640 wrote to memory of 1220	2640	Unicorn-25721.exe	39
PID 2640 wrote to memory of 1220	2640	Unicorn-25721.exe	39
PID 2640 wrote to memory of 1220	2640	Unicorn-25721.exe	39
PID 3040 wrote to memory of 1928	3040	Unicorn-52520.exe	38
PID 3040 wrote to memory of 1928	3040	Unicorn-52520.exe	38
PID 3040 wrote to memory of 1928	3040	Unicorn-52520.exe	38
PID 3040 wrote to memory of 1928	3040	Unicorn-52520.exe	38
PID 2140 wrote to memory of 2356	2140	Unicorn-4066.exe	37
PID 2140 wrote to memory of 2356	2140	Unicorn-4066.exe	37
PID 2140 wrote to memory of 2356	2140	Unicorn-4066.exe	37
PID 2140 wrote to memory of 2356	2140	Unicorn-4066.exe	37
PID 2244 wrote to memory of 1268	2244	Unicorn-45587.exe	36
PID 2244 wrote to memory of 1268	2244	Unicorn-45587.exe	36
PID 2244 wrote to memory of 1268	2244	Unicorn-45587.exe	36
PID 2244 wrote to memory of 1268	2244	Unicorn-45587.exe	36
PID 3040 wrote to memory of 1896	3040	Unicorn-52520.exe	51
PID 3040 wrote to memory of 1896	3040	Unicorn-52520.exe	51
PID 3040 wrote to memory of 1896	3040	Unicorn-52520.exe	51
PID 3040 wrote to memory of 1896	3040	Unicorn-52520.exe	51
PID 2140 wrote to memory of 1524	2140	Unicorn-4066.exe	50
PID 2140 wrote to memory of 1524	2140	Unicorn-4066.exe	50
PID 2140 wrote to memory of 1524	2140	Unicorn-4066.exe	50
PID 2140 wrote to memory of 1524	2140	Unicorn-4066.exe	50
PID 2476 wrote to memory of 2972	2476	Unicorn-9837.exe	49
PID 2476 wrote to memory of 2972	2476	Unicorn-9837.exe	49
PID 2476 wrote to memory of 2972	2476	Unicorn-9837.exe	49
PID 2476 wrote to memory of 2972	2476	Unicorn-9837.exe	49

C:\Users\Admin\AppData\Local\Temp\58ae431e9e62c78ab5d4b9385ddbb3ce.exe
"C:\Users\Admin\AppData\Local\Temp\58ae431e9e62c78ab5d4b9385ddbb3ce.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        10⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
        11⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        12⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        13⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        14⤵
        
        PID:10508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 376
        13⤵
        
        PID:9888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 376
        12⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 376
        11⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 380
        10⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15701.exe
        9⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        10⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
        11⤵
        
        PID:6196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 220
        12⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 376
        11⤵
        
        PID:7912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 376
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 380
        9⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        10⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        11⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        12⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        13⤵
        
        PID:11040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 376
        12⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 376
        11⤵
        
        PID:8044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 376
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 368
        9⤵
        Program crash
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 376
        8⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25048.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17233.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2980.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        11⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        12⤵
        
        PID:9252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
        13⤵
        
        PID:10984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 376
        12⤵
        
        PID:10096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 368
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 380
        10⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 376
        9⤵
        Program crash
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 376
        8⤵
        Program crash
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 380
        7⤵
        Program crash
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        10⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
        11⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        12⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        13⤵
        
        PID:10860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 380
        12⤵
        
        PID:9812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 380
        11⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 376
        10⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 380
        9⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        9⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62903.exe
        11⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        12⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
        13⤵
        
        PID:10744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 380
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 380
        11⤵
        
        PID:9292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 380
        10⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 376
        9⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 380
        8⤵
        Program crash
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48779.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55311.exe
        11⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1080.exe
        12⤵
        
        PID:10424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 376
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 376
        10⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 376
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 368
        8⤵
        Program crash
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 376
        7⤵
        Program crash
        
        PID:760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 380
        6⤵
        Program crash
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11337.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
        10⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22986.exe
        11⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1131.exe
        12⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        13⤵
        
        PID:10484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 376
        12⤵
        
        PID:9832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 380
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 376
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 376
        9⤵
        Program crash
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        8⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        10⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        11⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        12⤵
        
        PID:11196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 376
        11⤵
        
        PID:7724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 376
        10⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 376
        9⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 376
        8⤵
        Program crash
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        9⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        10⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        11⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        12⤵
        
        PID:10996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 376
        11⤵
        
        PID:10168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 376
        10⤵
        
        PID:8068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 376
        9⤵
        
        PID:5648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 376
        8⤵
        Program crash
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 376
        7⤵
        Program crash
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6360.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        8⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        11⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2398.exe
        12⤵
        
        PID:11004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 384
        11⤵
        
        PID:10072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 376
        10⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 376
        9⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 372
        8⤵
        Program crash
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        8⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        10⤵
        
        PID:9548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        11⤵
        
        PID:11124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 380
        10⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 376
        9⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 376
        8⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 376
        7⤵
        Program crash
        
        PID:5016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 368
        6⤵
        Program crash
        
        PID:1512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 380
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        8⤵
        Executes dropped EXE
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48149.exe
        10⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        11⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        12⤵
        
        PID:11224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 376
        11⤵
        
        PID:10044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 376
        10⤵
        
        PID:7824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 376
        9⤵
        
        PID:5952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 376
        8⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39223.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        9⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
        10⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        11⤵
        
        PID:10916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 376
        11⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 380
        10⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 376
        9⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 380
        8⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 376
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        9⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        10⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 376
        11⤵
        
        PID:10300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 376
        10⤵
        
        PID:9872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 380
        9⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 380
        8⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 380
        7⤵
        Program crash
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 380
        6⤵
        Program crash
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        8⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        9⤵
        
        PID:6228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 220
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 380
        9⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 380
        8⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 376
        7⤵
        Program crash
        
        PID:4220
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 376
        6⤵
        Program crash
        
        PID:2220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 364
        5⤵
        Program crash
        
        PID:2204
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
        9⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5741.exe
        10⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        11⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        12⤵
        
        PID:10852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 376
        11⤵
        
        PID:9388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 376
        10⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 376
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 376
        8⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        9⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 220
        10⤵
        
        PID:9236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 376
        9⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 376
        8⤵
        
        PID:5616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 376
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
        7⤵
        Program crash
        
        PID:2844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 384
        6⤵
        Program crash
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65042.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        8⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        11⤵
        
        PID:10908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 376
        10⤵
        
        PID:9824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 380
        9⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 380
        8⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 376
        7⤵
        Program crash
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        9⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        10⤵
        
        PID:9268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        11⤵
        
        PID:10680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 376
        10⤵
        
        PID:10104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 376
        9⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 368
        8⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 380
        7⤵
        Program crash
        
        PID:4852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 376
        6⤵
        Program crash
        
        PID:2968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 368
        5⤵
        Program crash
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31170.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        9⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11157.exe
        11⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16295.exe
        12⤵
        
        PID:10536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 376
        11⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 376
        10⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 372
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 380
        8⤵
        Program crash
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
        8⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe
        9⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        10⤵
        
        PID:9260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
        11⤵
        
        PID:11168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 376
        10⤵
        
        PID:10088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 376
        9⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 376
        8⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 376
        7⤵
        Program crash
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        8⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        10⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40586.exe
        11⤵
        
        PID:10924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 376
        10⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 380
        9⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 376
        8⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 376
        7⤵
        Program crash
        
        PID:5092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 376
        6⤵
        Program crash
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        9⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        10⤵
        
        PID:11068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 376
        9⤵
        
        PID:10112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 376
        8⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 376
        7⤵
        
        PID:5920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 376
        6⤵
        Program crash
        
        PID:3296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 376
        5⤵
        Program crash
        
        PID:1472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:1620
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
        9⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        11⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21885.exe
        12⤵
        
        PID:10640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 376
        11⤵
        
        PID:9912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 380
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 376
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 376
        8⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        7⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        8⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        9⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        10⤵
        
        PID:108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 380
        10⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 376
        9⤵
        
        PID:7372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 376
        8⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 376
        7⤵
        Program crash
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55092.exe
        8⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54843.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe
        10⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        11⤵
        
        PID:10476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 380
        10⤵
        
        PID:9760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 376
        9⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 380
        8⤵
        
        PID:5172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 376
        7⤵
        Program crash
        
        PID:3828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 368
        6⤵
        Program crash
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62302.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1314.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        10⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        11⤵
        
        PID:10500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 380
        10⤵
        
        PID:9204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 376
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 380
        8⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 376
        7⤵
        Program crash
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        8⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24003.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        10⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        11⤵
        
        PID:10820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 376
        10⤵
        
        PID:9896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 380
        9⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 376
        8⤵
        
        PID:6488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 376
        7⤵
        Program crash
        
        PID:5008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 376
        6⤵
        Program crash
        
        PID:2116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 376
        5⤵
        Program crash
        
        PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:412
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 188
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2748
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 376
      4⤵
      Program crash
      PID:1088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50733.exe
        8⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3639.exe
        9⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12093.exe
        10⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23410.exe
        11⤵
        
        PID:9420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        12⤵
        
        PID:10784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        13⤵
        
        PID:10448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 376
        12⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 376
        11⤵
        
        PID:9404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 372
        10⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 376
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 380
        8⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 376
        7⤵
        Program crash
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        6⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
        7⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        8⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        9⤵
        
        PID:8828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
        10⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        11⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 380
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 368
        9⤵
        
        PID:9904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 376
        8⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 380
        7⤵
        
        PID:5344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 376
        6⤵
        Program crash
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49329.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        8⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50951.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        10⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        11⤵
        
        PID:10468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 380
        10⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 380
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43145.exe
        8⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        9⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22077.exe
        10⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40437.exe
        11⤵
        
        PID:10516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 380
        10⤵
        
        PID:10256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 376
        9⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 376
        8⤵
        
        PID:7032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 376
        7⤵
        Program crash
        
        PID:4476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 376
        6⤵
        Program crash
        
        PID:3708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 376
        5⤵
        Program crash
        
        PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4933.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18995.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
        9⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26161.exe
        10⤵
        
        PID:10584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 376
        9⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 372
        8⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 376
        7⤵
        
        PID:5552
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 380
        6⤵
        Program crash
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16085.exe
        5⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        6⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        8⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        9⤵
        
        PID:10520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 376
        8⤵
        
        PID:9864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 380
        7⤵
        
        PID:6976
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 380
        6⤵
        
        PID:5236
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 376
        5⤵
        Program crash
        
        PID:3180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 376
      4⤵
      Program crash
      PID:2732
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 376
  2⤵
  - Program crash
  PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe

Filesize
184KB

MD5
e263dee781cf1d10dc3efb8d24b94022

SHA1
3ca63c1661fe45f20d6c71c9a1565d0791b63301

SHA256
bc54db72f59192080589f82d4fad99d401102ebaa52a9f5bc36458cd7c084bb9

SHA512
811024d78da01c2487f59e626d7c4f10070dbb3bab5a7577b24fb40b1c861478e984762d168a2e39d7f52b6a84ae7dd1f5b037bc6e1a0dcfaac9735a740309a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18364.exe

Filesize
184KB

MD5
d1480d3da7efc78d5258e911bbead76d

SHA1
9ade0898f43e2ab9a9d60fae5337baebc1c5d649

SHA256
2697c43603560f972f269540d2c6e64d8dcee6bfc2dca9506c0b126e22a8ae0a

SHA512
6c2efcb6eb16205adfaa551d38d018f7fbb202edf879e0a7f677d2070a13360662dbb6b701d0edafe703bf936155a8d07fc64410e0cda1c1b7d041655852b33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe

Filesize
184KB

MD5
2f42a2f6fda0b899de7bae150a3bbce3

SHA1
6569262871e370caa38302ed59587be305bdaaf5

SHA256
2b6d8aa3c63f90d5a42efaf78269031b2c05d2cff0ad8caa76a3189d33727c05

SHA512
fdedcd65a0c374de67513c06cd26abadc066a1e9bf45d63b5f5bab38b0934a18b59bd11b1e48554221c2c0cd9012c2f1822f1043fce3729696c9e478d68f2b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe

Filesize
184KB

MD5
2bec9d3542577e211093710e495ab2d7

SHA1
19835b6707a73303d26f0014866913bb9141e971

SHA256
841fa517e7fdd962b2e69d04e9b5bc034cc61644a39f40d00ee6fc3582f3b677

SHA512
82f5c2633789b0152db996678de66cfa318359b470e3cb7d29deaf8273d2bdc3796103162575eab6bb727e8f06ca1996adcbeb0f7240714932ade60506d1f44d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26162.exe

Filesize
184KB

MD5
8a22d960c6bfa093ae973d6caa220c59

SHA1
dbd5c345cb5110ee5a9b276b9b14cd13622dc844

SHA256
46fa2ff72fb4a68420cd3006e0de5f05dc27d9a285ac6e37a87be58a1ff14fcf

SHA512
dc0140d9139a53f5eb12733f5e73ca9ace16cac50e50432f31ba24264c5616f39dbf2502c63710e38e4daa6c5c1a455b411cc5b7f12ca9fc30ebef87ff0d5627

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe

Filesize
184KB

MD5
d270c0c22d2bfc5bd1744c0b5d250949

SHA1
974f507106277a856301b16b3449dab226844391

SHA256
16d8719aab78c909c70532fd1ff0b11ace4902b6d3f83e33f7e246491b855e93

SHA512
66edd57ad8e9f3daa6320e0d6183cf91fd9425c63890c267973e6626b51c9fd876fa9cad0bcc38d322e9ae8525f290f2bda6ad67acd506e690340a593daa3054

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe

Filesize
184KB

MD5
59b57e92ee17904cccf31eacb6241d14

SHA1
2e42577178d4228436baa45cd175af2fa75ac08b

SHA256
86c793ab9195cd73d224881adbe569dd82d4712adbb354d38d1fb93e2a734eb5

SHA512
bfc36dd073ed5a9af879a2ddfe6280468f090a701a98540f4408676a872f718047eef5d79a9f499104f642529d59a82dce1c8e4afb6ca09446216d68d65067ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe

Filesize
184KB

MD5
9d9799aaa6bdc5b3fa798bb0285c8cd6

SHA1
0029ecad921d30c0460c9715dd334d964d452e9d

SHA256
4449b0d7c195e3eaf68791ba1013436eb064db56ec912d6e77e31325e5b9b58f

SHA512
3627050b2ca919f5e1f95c6d726a2c0220f00cceaaec8b46285aaae42052f18f886c33bea02b3085403ac983ab4e1e6cafb303b37fb6afd520dda3850149cd23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe

Filesize
184KB

MD5
8f6c64e37d58df8591ef98fb74d347ff

SHA1
38c42bd062e3b7835549d6272ab61d0e9673847b

SHA256
504eb3230a21ad466cb9bd3639ad0ddab3e0db61a6dd2a3c88c621dcaa5e4ca3

SHA512
044a3c2c166e9114bfd408b1d959b2cd5ed75baefa5a5c19fcef0a699c1fccffaa970d5ead7da5c4ff087d11ae2d8ca6c79b8aaa6b9ab86f67c1ed6939394467

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe

Filesize
184KB

MD5
50d23ea1af8318d6624d3d0e4433a021

SHA1
add5fd831be5773525990a605708154fff3f7585

SHA256
2920aa2b6d4e1376e962f6b54a0c5f1e6f748178f387e9756289f5de29ac2ccf

SHA512
3de16a39995bb7716bc8362c7d6a7cd4a188975703a200e14fc48d6360f93cfed994274b46089f8989b9cd0bfe7d380a354fda33bfc83a1637af36976be7c38b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe

Filesize
184KB

MD5
23bcde506f68ac074ae16a07ec85c4e1

SHA1
3174fbec8c0af548e8e4d19c0847dac38de9dd13

SHA256
296cfaf794bf09f3586a17aae35b215f3dfe598776256df8cb25e97bf7e4eb80

SHA512
c1e0d872b529d854eb6ea76da348cbbcdc897d7928750788593c65b9d574f2b5c74f45537d83f8ed9b5625b8a957962eb68586fc36e94c20a134d6074e8bf8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe

Filesize
184KB

MD5
2841a4a47c0a3cc3254b7392573029c1

SHA1
2898838c0831e9e374e2d24458098ee170085314

SHA256
e1d1584001ec1336243123c3d223039372999cb5785be89eff328f4efc4adef5

SHA512
f340d6d1e5c1ad03afadd3a17e493abfeaf0e0c0718a98bc63b5ccfbae27297e199c6632fe17df924ed7d5d36821a165ccec22dc2ffa4da640f01a8251cabe6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe

Filesize
184KB

MD5
b215ad2bb70129d4e06a43af91cbe964

SHA1
8326719d0e09fd380595a53ab45528efbea232a0

SHA256
9b6aaaaf308110d5fb6de44e9dee37db869ef9acd8fed40298d5c1c56870236d

SHA512
d419ed284c278d7d280bd83b11ca3fd1643c98e6472212d4aa3578cd318bde302e0ad0e579e859635c601d14a751a7075a2a346fb3db16e086a724d446771a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe

Filesize
184KB

MD5
ffa22637a2c10e1d97aa831884684afe

SHA1
5aa48ca08ba13190212cd986244b243caac78f3a

SHA256
80a86e91383db763699c897da38f7acbc9e2d385256e2398319fc0e68b0c4fbb

SHA512
8958886dc526a5b888f508d4123a302359852ca3c67baac4a0d76165a4c91750b99e6d9258b4b7387f9c404b01e64fd7d2bf7c2f21a69af1b53f96035d73ad68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63622.exe

Filesize
184KB

MD5
85f9131f63e1cb155d25575453ab53fb

SHA1
4c4b40ff836fdbf2981a65b71c6818d83b33e064

SHA256
ef20c53c1efa4c8964a716873f2378a45200462db6a7c6fab548d7ed3b4fa664

SHA512
769b391a147a506c0b1e0badabdfef4058f3e11d4657544174742c29e7982efcf174b9e5545bdf37a19435c6c7f074b5b248f37500a1a2b77f779e351fe2128b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe

Filesize
184KB

MD5
a7fa0c9cac8bef60686c0ea2c30b1b29

SHA1
e2fabc6a0e4fc63fe1f2fd776932f9efc6ef81d3

SHA256
944f71763408095fe32fe9415e0170fe143916c09396c21d40a6034e694a4722

SHA512
33fb5b917721b32b8871d2f92b1bf9f472c305f115c301293ee0530268289bfd17dcd8eeab13319166699f5bd1c9ab2fd1b399dc84ea3a1409d29cce300870ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe

Filesize
184KB

MD5
b2b11aa9d3eb7a53b7610287c2de8400

SHA1
3b43b11dbfed5c0df84c4c1c3238846499a5d4af

SHA256
e11fb5fd6ebc415fc052d433a4002fd695a3dac07c8a7d6ba530037436cf7ef6

SHA512
6008291e5bd89a5647a0596ae60afbdb1d2cee6125fd828dbc9c17e7782fe08f46f0851cc09f473ae7bfa3aa6940f744ef93bd6dfd07196ff42c2d5f8572078d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe

Filesize
182KB

MD5
9683642799ee1068d3f6274ff7c61989

SHA1
0410dbd8093d437618f0694d16a058d10cc186f4

SHA256
dd7c4b0779181af857234691d4a76f27e28721373c0f924b3477079ae06ab35d

SHA512
269ebf23276ec4f7ce69552f7aa96678b694374fe8e616d98ef3b86f0450a67fad336de60fe0d969c0f9b8aa54e8da79dadf66aca378bacd40b2e0ce08b1a3ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe

Filesize
184KB

MD5
c8daca570c7c4cc6c46037071386aa34

SHA1
c4f3bad6373f3416d3ba437b9868139d96c96424

SHA256
66409715b94e43ee79ee97881823fb75a514ed90d799b7289dfdbd9188f8b7b0

SHA512
e06f627c0561103c6af6cf3d158125d3e8b0539b5afe0e1d7c6ef6fef9cf3268eb6537ceb203a375bc5a95bad192e463bad30937f58cc569fbaa6c92e5a2f93f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe

Filesize
38KB

MD5
f1610f4a37e8e1ad2cc518d2095ef773

SHA1
cba3c1dafade12efb699242ea522c399df238f45

SHA256
476a90e49e2ddd844c70e8ed14c135769fe7576802e32cd5747b2de29a6a6226

SHA512
1679e4988ed81cd18ca0a83400d2245601f3635b051f63ecb937fe46a92675f79dc430831883243cac1780cf2bfe7fcfad1ac0131acc7313362e5a7119e18204

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe

Filesize
32KB

MD5
59fe2023381ae7561373d8685ba1c231

SHA1
e2c922a2241727f1a71ecca091315140ad5fdaa5

SHA256
c24da6239924d0b48e8061e77ca0d1debeb2a19ef7dd7ddab270610c6292415f

SHA512
c1c2913f84d785f56043bd02700be898b85703909aab2eb82fcd4747f505620c8f5221b751f5601b7ee07aea47014044ebb0df94f0571c54742c0f8f5c757005

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe

Filesize
70KB

MD5
dd2ce63a0ed5e13c60033e26f3a9be1b

SHA1
8924e1c4a2eaf764cbc6662e9d58682aac2ca916

SHA256
d005c588427031001db367c99b6008d983f16bfac1eea490f1019907218a6b89

SHA512
be2ecd4f25929a6b89305539451e33933730deb0f5ec30ada8123c4581770c3927cbf89cf21fa5ab6d4565c842edcbdd2cc60234378ecfede8c058b475d4e4d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe

Filesize
55KB

MD5
c7c2e60720df7ea31ae9aeaa5b31e6d5

SHA1
9eb4ed8197e28df2b9a1f9ce6fc5495c208ac07f

SHA256
7d8dfc744e8b18bd1eea27fa2c8c9af43fd53d6609f8f7518a65bde01e875153

SHA512
79cd91485099408c11040b91cbeb70a896e11fbb8f74571a9b3418b13b73154fc5405e8d1224a72afb531cace480d820836aa74bcfa82b0d48ea8d9787bd369f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe

Filesize
184KB

MD5
4ea3f081b8ae4b4a66f35d93477aba66

SHA1
7d1519a2b80e7aa8c3b071427d375c85f4cdace0

SHA256
ed1f99127fbf8b4a30827e24a3774557eb2fd0831053cc9816883aca86c21888

SHA512
b9f1c22569e9c481916a384ef8aec82c88a321f6887ddf1c161b12077d57082c5912ffbe43b7d1a861c88952f5b82d89491e09a9055fc09e7d6e4f870fbda150

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe

Filesize
184KB

MD5
701f9f9e0b2872557d7e6413fa174ab7

SHA1
c454f99fd88b664035ac62a30760a660918699cd

SHA256
5b878a20b032fa7435754f8f231f677b3080fb119fc6a8f404fab9ad9ff25ed0

SHA512
988402ef534e90eb9fd0e6461ba38fbff1fe345232a7930b0847366c2ddcee522377f1e49274abbc437d657023ee32aeeb711d09b651307386c381987657afc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe

Filesize
78KB

MD5
38f69f43f44c470b6ed4299ec7031866

SHA1
9a4fbf6f5dde09ad67021b22f1b4af4c4d750229

SHA256
a3c33d6fc518377e88c0020b3b860016066387145ea5d52812199e2fb7913203

SHA512
0b4daae2a8161cd9a53a1b83a4924b88c249bc3d3b4bdfa3c98a7618457e49b90503d43e0322dcfb15641dc758e8cb1c8426099697ff80349ce4486ef378a100

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe

Filesize
173KB

MD5
f57c3d729a81e09c8b040e50c268b840

SHA1
9cc97f3f53fed2f4f32eeb2e617b760884eb1ce3

SHA256
94148616e7ce3ae7867f617e8cac56b4c25a6f6110e3e93811d11cd7fd1275cd

SHA512
0abc56ba9a4acd16a144801b7335be7aa7673111c06fe08a5835b0349f1f4324be3bcd86a49b8d8fb80bee7da0d907a3b5908ba81a41a3d8fbffcb3fff9ececd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe

Filesize
184KB

MD5
2bd5e004f8d80d59dd211107df6f4307

SHA1
605d7d3aca5853a5859fb99815a6eb39ddef49ec

SHA256
963b4aee4cc33c740796c38e3636c6a87cc5fff2df8e153a268ddb0b35740fba

SHA512
3b9a6750d1c75b321478468d844cbd78cef762d5dd319fb73ac2f94e0f284ddf50a288cc6ea7284fb8397dd8c47b2e1ce77db8ce3b5cdf6b1a208de49e2f3f60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe

Filesize
182KB

MD5
736a9a9b84a82176290c291bfec7534e

SHA1
083f19b58b562204bc008d292464e731cdbf8d4c

SHA256
5f0eb29e36386573a0f6b8824e1dfc7ae23f6a0a4f2b14f995c24174243a1711

SHA512
1632a4e46b4ad0832cd8dd5c735df1c2779cebe5864a44811b4967809b3b5a6a087991b2a6e999799c22baa9a7bb6dcfc014afa48fe116054ed8d8861017f892

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads